The "Oh hey look who got hacked today" thread!

[djzombie]

https://www.vice.com/en_us/article/3...ficial-denials

The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states.

[6souls]

Biostar - 23GB of Fingerprint Data & ~30M Records of Client's Personal Information
https://www.bbc.com/news/technology-49343774

[6souls]

Capital One - 100M Accounts from the US & 6M from Canada, 140k Social Security Numbers & 80k Bank Account Numbers
Affects Anyone who Applied for a Credit Card between 2005 & Early 2019
CO knew of the Hack on July 19th, but Waited until the 29th to Inform Customers
Female Hacker Caught by the FBI in Seattle
https://www.marketwatch.com/story/10...ask-2019-07-30 | https://www.apnews.com/f4ce858ef3f949888c98a83f6a8c3b8e

https://www.bbc.com/news/technology-49357758

The hacker was also caught with "tetrabytes" of data from 30 other companies, schools, and government agencies. The only company named was Amazon where she lifted data from it's cloud services.

[6souls]

Hy-Vee - Credit Card Data from Machines Used in it's Restaurants, Fuel Pumps, and Drive-Thru Coffee Shops
No Confirmation of Grocery Readers being Affected
https://www.mprnews.org/story/2019/0...t-card-readers

[Fiye]

Actual good news Kiwi Farms got hacked.

[6souls]

Actual good news Kiwi Farms got hacked.

[6souls]

The Country of Ecuador, Nearly Every Citizens (17M) Financial Information and Civil Data
https://www.bbc.com/news/technology-49715478 | https://www.vpnmentor.com/blog/report-ecuador-leak/

[6souls]

https://www.bbc.com/news/technology-49768617

US Air Force to allow a select group of hackers to attempt to take over and control one of their satellites at Def Con 2020.

[TsingTao]

The real question should be 'Can the USAF take control back before hackers fire off the space lazors?'

[Jaybar]

The real question should be 'Can the USAF take control back before hackers fire off the space lazors?'

Now this is some good war-games shit. We can turn it into a movie with Kelsey Grammar called "Down Satellite"

[6souls]

Hookers.nl - The Personal Information of 250k Workers & Clients
https://www.bbc.com/news/technology-50013630

[Ragns]

https://www.forbes.com/sites/kateofl.../#2a123ba83d38

Equifax was protecting sensitive personal information on a portal used to manage credit disputes with the username “admin.”

And if that wasn’t enough, the password protecting that data was probably the first one an attacker would guess: Yes that’s right, it was also “admin,” according to the lawsuit.

[TsingTao]

As a long time sysadmin this is rather rage inducing. Fucking ridiculous.

[6souls]

Disney

https://www.zdnet.com/article/thousa...acking-forums/

Thousands of hacked Disney+ accounts are already for sale on hacking forums
Hackers began hijacking accounts hours after Disney+ launched earlier this week.

Hackers didn't waste any time and have started hijacking Disney+ user accounts hours after the service launched.

Many of these accounts are now being offered for free on hacking forums, or available for sale for prices varying from $3 to $11, a ZDNet investigation has discovered.

https://www.bbc.com/news/technology-50461171

BBC found even more through their own investigation. They also note that the Dis+ account also shares access to Disney Parks and the Disney Store accounts.

[Anoat]

Yeah, when I logged on to D+ last night I was prompted to change my password and THEN there was a note that the same email/password would be used across all Disney services including parks and Disney stores which was definitely NOT disclosed when I signed up for D+.

I use the same email for my Disney World account but I haven’t tried to login there with my old password to see if it still worked or not.

[BerenTebogo]

> be one of the largest companies in the world
> still pay your IT/infosec team minimum wage
> ???
> profit

[Melena]

That's nothing new. For just about every company, IT budgets are one of the first things that's cut.

[BerenTebogo]

You'd think that in the year of our lord Google 2019 they'd start learning but god damn. It's cheaper to settle lawsuits than pay qualified people I guess.

[Hellfury]

Everybody gambles that they're not a (significant) target. Ignoring the basic fact that _everyone_ is a target :/

[6souls]

https://www.bbc.com/news/technology-50972890

A U.S. Coast Guard facility was hit by a ransomware attack last month and was down for 30 hours.

Ransomware interrupted cameras, door-access control systems and critical monitoring systems at the site.

Officials said they believed the ransomware was sent in a malicious email link, clicked by an employee.

The US Coast Guard (USCG) issued a security bulletin on 16 December, urging other bases to take measures to prevent further attacks.

"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise information technology (IT) network files, and encrypt them, preventing the facility's access to critical files," it said.

"The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."