Starbucks WIFI in Argentina Hacked, Customer Revealed Malicious Code

In another very surprising hacking incident, a customer who visited a Starbucks coffee outlet in Buenos Aires, had encountered a malicious code after connecting to the available WIFI connection.

The popular coffee manufacturer and outlet confirmed the incident in Argentina.

From the published information through cnbc.com, the hacking incident at the Starbucks outlet in Buenos Aires happened last December 2, which immediately infected the laptop of the customer who connected to the free WIFI inside the popular coffee shop in Argentina.

The hacking code had generated the Monero crypto-currency from his laptop.

Based on the shared information also, they recognized the person as Noah Dinkin (hisTwitter username) and to prove the hacking incident, he managed to post a screenshot he took about the intriguing code caused by the hacker to show the public.

He revealed that it really happened to him at the Starbucks outlet in Argentina. According to his explanation, the first time he tried to connect to the free WIFI the code attempted to delay his connection. Because of this, it permitted the transaction to mine bitcoin illegally by utilizing the processing power of his device.

They also recognize Dinkin as an executive of Stensul, a tech-company based in New York who immediately noticed the sneaky mining code.

Based on the observation of those who learned about the hacking from Starbucks during the first week of December, the malicious or illegal code might be an issue to mine bitcoins. However, some users of Twitter believed that the involved website that hosted the script might originate from Monero (a different type of crypto-currency).

From the published news report through RT.com, Starbucks confirmed the hacking issue last Monday (December 11) and investigated the incident. As detailed online, the company made an immediate action so that their Internet provider will handle the problem and execute the necessary changes for the protection of their valued customers who are using their free WIFI connection.

Starbucks posted their explanation through their official Twitter account and assuring that they had resolved the problem already. It likewise confirmed that this particular incident, which occurred in the coffee outlet in Buenos Aires, is not a widespread concern.

“Last week, we were alerted to the issue and we reached out to our internet service provider—the Wi-Fi is not run by Starbucks, it’s not something we own or control,” said the representative of Starbucks as detailed through the Motherboard. “We don’t have any concern that this is widespread across any of our stores,” it added.

According to the news report also, they consider the Monero token as a popular “crypto-jackers” and capable of perform mining to different personal computers even without a special platform or hardware.

In line with this issue, RT.com revealed that a suspicious mining code likewise infected other known video websites like OnlineVideoConverter, Openload, Rapidvideo and Streamango.

As for cyber security expert Don Smith who learned about this issue, he explained that users of public WIFI ought to make sure that the software they utilize is up-to-date and must be aware of potential malicious activity.

 “Always be wary when connecting to untrusted networks, public wi-fi hotspots are untrusted to you even if they are provided by a trusted brand,” said Don Smith during an interview by the BBC.

Smith is an expert of cyber security and working for Secureworks.

It is true that this kind of crypto-currency mining incident is becoming prevalent today and many Internet users are experiencing different problems about it. Professional hackers are capable of determining on when to execute their plans and the victims they want to target.

The many unknown web intruders or hacking groups now are continuously increasing in numbers worldwide.

Uber Paid Hackers $100,000 or £75,000, To Delete 57M Stolen Data

Back in 2016, taxi service provider Uber experienced a massive hacking issue that affected nearly 50 million passengers and 7 million taxi drivers’ personal information, as confirmed by the company.

However, there are reports that it settled an amount of $100,000 to the hacking group to delete the millions of data they stole during that time.

According to the latest reported news through RT.com, Uber had paid the hacking group in order to request for deletion of the stolen information from its millions of drivers and passengers. The popular alternative taxi service provider spent almost $100,000 to settle the hackers last year.

Uber had reportedly requested the hackers to keep the data breach in secret.

To make sure that the company does lose the trust of its passengers and drivers, Dara Khosrowshani confirmed the issue about hacking in 2016 on Tuesday. They want to show transparency and honesty to the people about the data breach.

“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” said Dara as quoted by the reported news.

Khosrowshani is the new Chief Executive Officer (CEO) of Uber Technologies Inc.

From the published information through Bloomberg, the company spent about $100,000 to settle the two hackers and the agreement is that they will delete the stolen personal data such as email addresses, names mobile phone numbers and an estimated 600,000 numbers of driver’s licenses.

In line with this issue, the company made a decision to fire Joe Sullivan this week because he got involved to the massive data breach last year, which occurred last October in 2016, the report from Bloomberg added.

Joe Sullivan is the former Chief Security Officer of the company and such incident really affected his reputation.

To make sure the affected passengers and drivers are aware of the situation, Uber provided them with individual resource pages wherein they will have free credit monitoring as well as protection against identity theft, as detailed on the news online. The alternative taxi-provider however revealed that the history of locations, dates of births, credit card numbers, bank accounts and Social Security numbers of the affected individuals are not part of the data breach.

“The incident did not breach our corporate systems or infrastructure,” said the new CEO of the company.

“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” he continued.

Uber likewise stated through Khosrowshani that at least two persons became responsible for the massive hacking of the personal data. They already terminated them and one of them is the former Chief Security Officer Joe Sullivan as detailed above. The other involved person is a deputy officer of Sullivan.

According to the news published by express.co.uk, the former security officer of Uber made a decision to hide the issue as an effort to cover up the possible security and privacy scrutiny that might affect the company. This incident occurred during the discussions with the United States regulators that investigated the mishandling of the personal data of the affected passengers and riders.

The investigation started last October to determine the faults of Sullivan’s team, which caused the breach. Again, the new CEO wants a transparency to its valued drivers and passengers for the ongoing investigation.

Based on the investigation as reported online, the hacking groups made use of a code repository (GitHub) and this is similar what the engineering department of the company is using.

They successfully hacked the personal information through an Amazon cloud server.

EU to Impose New Privacy Law on 2018, E-Commerce Businesses Must Prepare

From a decent point of view, an online business with a privacy policy has the exact management of the available information. This kind of policy is necessary in assuring both the owner of the website and the users the right agreement on how to gather, use, share and protect the users’ data during the actual visit from the website.

In the past years even when they introduced the Internet, majority of the web-based businesses do not have this privacy policy. However, the different issues that bother many ecommerce businesses online somehow triggered the decision to setup this type of policy and almost all business owners who run their websites imposed this guideline.

This is besides having a page for About Us, Terms of Use and Disclaimer.

Lately, there had been different reports online particularly in the United States about the implemented privacy policies of many businesses. As published through ecommercetimes.com, businesses in the U.S. have a privacy policy and regulated by the Federal Trade Commission (FTC). Under the rules of this commission, there is actually not necessary for a website to have such policy and if it has an existing one, the business must adhere to it and avoid any violation.

 

FTC actually can impose penalties and file lawsuits for businesses that do not adhere to their own privacy policy just like what happened to LifeLock, which the commission sued for its negligence before.

 

According to the news published by E-Commerce Times, there is a huge change next year regarding the privacy rights online of which the European Union (EU) will implement by May 2018. They are going to change the existing “EU Data Directive” or “EU Data Protection Directive 95/46/EC into “EU GDPR.” As detailed from the information about this new regulation, it will assure the data privacy rights of the citizens of EU and normalize the data privacy laws in the European region.

 

The basis of the regulations is that a person has a fundamental right to privacy and businesses or corporations have no right to sell or purchase such individual privacy.

 

As for those organizations in the United States, the reported news said that they might not learned about the upcoming policy of EU or think that they will only implement the GDPR in organization based in the European Union. On the other hand, it appears that this new policy next year will cover all the businesses or organizations that provide services or sell products, or that checks data coming from EU, and this is irrespective of the origin.

 

Any business or organization that provides service or sells products, or need to monitor information from the citizens of EU, the new regulations will cover them and subjected.

 

The published news information likewise revealed that businesses in America are now worrying about two important matters, which is enforcement and applicability. It may be possible that large-scale businesses can easily adjust to the new guidelines, but perhaps not for those small businesses. One reason is that they still need to determine if their clients are really origination from the European region.

 

The EU GDPR does not also exempt Cloud services because they usually store users’ data worldwide and not only in a particular region. This is the reason why they also need to learn about the upcoming regulations and determine of what effects they need to anticipate.

 

The current regulation mainly focuses on monitoring large-scale or multinational businesses and not those small-scales.  However, the new guidelines on May 2018 directly change this conventional approach. This is the exact reason why businesses in the U.S. and other parts of the world must start reviewing the available information about the EU GDPR ahead of time.

 

Surely, the penalties or charges for those who will not comply can hurt their finances and so awareness is very important.

Reaper Malware Attacks Infected Millions of Internet Connected Devices

Professional malware software developers do not only target laptops and personal computers because even tablets, mobile and Smartphone users are experiencing unwanted attacks from these types of intruders. Almost all types of electronic devices that access over the Internet. Due to the increasing numbers of reports about cyber attacks that steal personal information from the targeted victims, it is definitely important for us to become aware of this widespread issue and the exact solutions to counter them.

With the development of the Android and IOS operating system units, malware attackers are becoming more interested in threatening the users. One reason is that millions of people from all parts of the world choose to invest for advanced Smartphone devices, than those ordinary items on the market. This is very similar to those who are investing for high-end laptops, PCs and tablets because they want something that feature the newest technological elements.

From the latest reported news online about cyber attacks, there are experts in cyber-security who gave a warning about the possible upcoming cyber hurricane caused by the recent Reaper malware, which infected millions of the devices that connects to the Internet.

The widespread of the infected devices can affect the Internet worldwide.

“Our research suggests we are now experiencing the calm before an even more powerful storm,” said Check Point Software. It added that it has no idea on how the code be employed or the damage extent caused by the attack, as detailed through RT.com on Wednesday.

Reaper malware is also popular as lo Trooper and this is a huge robotic network zombie (also known as Botnet) and it immediately infected millions of Internet Things devices, the reported news added. To mention of these affected devices include video recorders, web-cameras and security surveillance cameras.

From the observation Netlab 360, the malware is expanding or spreading actively and possible queuing millions of IPs from the infected devices through injecting the malicious code from the system.

According from the recorded data of those involved cyber-security experts, the found out about the zombie robotic network in the middle of September this year and originated from the Mirai Botnet source code, which infected websites by using the denial-of-distribution (DDoS) attacks October 2016. As explained by the cyber experts last year, the attacks became the biggest online security invasion in history and successfully took down the Internet within the United States.

The main victim of the Mirai Botnet is the Dyn Company, which has the capacity to control most of the domain name system (DNS) infrastructure of the Internet. The exact date of the attack last year is on October 21, 2016 and became dominant within that day.

It infected websites such as Reddit, the Guardian, Twitter, CNN, Spotify as well as other US and Europe-based online sites. Almost 164 nations worldwide had affected with the Mirai Botnet.

According to Maya Horowitz, Reaper already made an effort to improve the Mirai Botnet and the code is capable of functioning into almost 100 different activities. Unfortunately, the code source is still unidentifiable and can possible continuously infecting more and more electronic devices.

Horowitz is from the Check Point Software and they continue the investigation.

The exact function of Reaper is to exploit the current vulnerabilities in many Internet devices and then inject unknown malicious code. When it succeeded, it will then begin the attack based on the exploited vulnerabilities or weaknesses of the targeted devices.

As expected, the users will not have any idea about the malicious attacks.

In line with this issue, cyber experts from Check Point likewise reported few months ago that about 14 million Android units were infected the CopyCat malware. This particular attack helped the hackers to earn almost $1.5 million within just 60 days through bogus advertisement revenues, as reported through checkpoint.com last July.

DOJ Files Motion to US Supreme Court, Questions Decision Favoring Microsoft

The latest news reports online talk about the reaction of the Supreme Court of America after learning the decision of the Second Circuit Court of Appeals ruling, which favor giant software company, Microsoft.

The US Supreme Court is set to review the request from the Department of Justice (DOJ) to reverse the handed decision by the Second Circuit.

The DOJ continue to battle against Microsoft, regarding the issue that stored data from their servers in Ireland, which the federal investigators had discovered. According to the report through rt.com, the law enforcement of America is having trouble reaching the stored data from abroad due to the protection of Microsoft and does not permit access.

From the submitted appeal on Friday as quoted by the news online, the DOJ is arguing that the Court of Appeals Second ruling “has created a regime where electronic communication service providers… can thwart legitimate and important criminal and national security investigations.”

The argument between the DOJ and Microsoft started back in 2013 when the American government issued a warrant against the giant software maker, which has then linked to the ongoing investigation of the criminal narcotics because the government wanted to seize the stored data of a specific customer who has an active Microsoft email.

 

Unfortunately, the popular software company refused to submit the needed data with connection to the investigated email account of the customer. Since then, both parties had gone through legal dispute in the courthouse about the stored data from the company’s Ireland-based servers.

Last June, the DOJ made a decision to file a motion to bring the lawsuit to the US Supreme Court already.

 

In a statement presented by the DOJ as quoted through thehill.com, it explained that, “The panel reached that unprecedented holding by reasoning that such a disclosure would be an extraterritorial application of the Act — even though the warrant requires disclosure in the United States of information that the provider can access domestically with the click of a computer mouse.”

This particular argument likewise caught the attention of some lawmakers in Washington, wherein they debated about the plan to update the existing laws in the country when it comes to data privacy as well as law enforcement procedure in accessing stored data from other nations, when necessary.

If ever the US Supreme Court will agree to review and hear the lawsuit, it is possible that any decision it hands will make a huge impact on how tech companies need to keep their data and on how they permit the law enforcement to access such data from them.

Should there is not firm decision from the higher court to reverse the lawsuit; the Congress may pursue its plan to modify the almost 3-decade privacy law.

In line with this issue, the giant software maker already responded to the request of the DOJ. As written by Brad Smith through a blog post and quoted by The Hill online, he said that, “We will continue to press our case in court that the Electronic Communications Privacy Act (ECPA) — a law enacted decades before there was such a thing as cloud computing — was never intended to reach within other countries’ borders.”

Smith added in his post that, “If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” He continued saying, “We believe that people’s privacy rights should be protected by the laws of their own countries and we believe that information stored in the cloud should have the same protections as paper stored in your desk.”

The 1986 Electronics Communications Privacy Act states that a service provider need to disclose any electronic communication to the legitimate agency of the government when it needs to investigate potential criminals.

Yahoo Revealed 2013 Data Breach Affected its 3BN Email Users

From the latest shared news reports online, search engine company Yahoo revealed that it is possible that the stolen email accounts back in 2013 caused by the data breach might be 3 times than what it has reported before.

Yahoo revealed on Tuesday that the affected email account holders are approximately three billion accounts, which it announced before that the estimated stolen e-mails are two billion.

The recent announcement of the parent company of Yahoo revealed that the announced affected email accounts back in 2013 might increased in their latest estimation. According from the news through Reuters, the search engine company said it is possible that the compromised emails affected its 3 billion users.

This estimation came out after the investigation about the data breach in 2013.

The popular search engine company said last year that over one million email accounts had been part of the breach, which they considered the biggest data breach problem worldwide in history.

From the statement of the company last December, it said that “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or encrypted security questions and answers.”

The investigation however failed to conclude if the hackers successfully acquired the payment card data, clear text or bank account passwords of the involved users.

On the other hand, Yahoo just recently announced that they already resolved the data breach problem last year after taking the necessary actions for them to provide the exact security to their valued users. Right after learning about the breach that time, they also required the users to immediately replace their password and use security questions to make sure nobody can access their registered accounts.

Verizon Communications is now the owner of Yahoo after its acquisition last June with the amount of $4.48 billion. It also revealed that they had been working with some forensic professionals in investigating the breach and likewise has “new intelligence” to make sure the same problem will not happen again, the news added.

Verizon had combined the popular search engine with AOL as a new company recognized as Oath.

Yahoo is continuously making an effort to notify the other two billion users about the problem, just like what it did from the initial one billion account holders.

 

From the statement of Chandra McMahon as detailed through Financial Times, said that Verizon the decision to invest in acquiring Yahoo means improving its security and so that they can provide better experience to all their valid users.

 

“We proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said McMahon in her statement as quoted by rt.com.

McMahon is Verizon Communication’s chief information security officer.

Yahoo released its latest statement about the affected billions of users after the Congress grilled the former boss of Equifax, which is a popular credit reporting company that experienced a huge data breach few months ago. Equifax admitted that about 142 million of people in the United States are part of the breach and possible compromised their credit card information, Social Security numbers and other important data.

Equifax had been investigation about the issue to determine the exact hackers.

Last March, there is conducted internal investigation proving that the senior executives of the company failed to investigate or comprehend properly.

According to the filed regulatory through the Securities and Exchange Commission, it stated that “The information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether…exfiltration was effectively communicated and understood outside the information security team.”

It is very important for Yahoo to explain its side further and appropriately because there are affected users who are revealing their worries about the real issue.

Privacy Advocate Reveals Hacking Issue Online, Involves Facebook Users

Due to the continuing issues about online privacy that affect millions of web users lately, social media network giant Facebook made a surprising decision that disagrees to the planned online privacy protection law.

According to the shared information online about the decision, the popular social media giant believe that the new law may prevent revealing information about the Russian interference during the US election due to the privacy laws. However, Facebook also made a decision about its willingness to coordinate with the investigating parties and to discuss about altering the setting of privacy.

Based on the observation of a privacy advocate Marc Rotenberg shared through fortune.com, it appears that the social media giant is not prepared to secure its millions of users, which is actually the responsibility of many companies. According to the advocate, it is important for companies to learn to disagree with the requests of some governing bodies in terms of collecting personal information.

It is as well necessary that they should have a concrete protection to whatever product they offer using the Internet.

Unfortunately, Facebook seems lack the right security for its users just like when it revealed about the hackers from Russia who interfered during the US Presidential election last year. From the point of view of the advocate who shared his thought online, the California-based social media network is not allowing its users to determine its business practices and this might not be favorable.

There are revealed news report that it is actually the intention of the hackers from Russia to intrude different social media networking websites and this gave them the opportunity to spread fake information online such us through Facebook, which the Office of Direction National Intelligence (ODNI) revealed few months ago.

However, Electronic Privacy Information Center (EPIC) made a decision to sue ODNI for releasing the complete report of January under the Freedom of Information Act (FOIA).

According from the report through epic.org, EPIC wants the ODNI to provide the complete assessment regarding the interference of the hackers from Russia during the election in the United States last year. The filed legal case also indicates that the ODNI failed to provide the right decision about processing the FOIA request from EPIC immediately.

Based on the report also, the issue about the Russian interference is a serious one and bothers many US citizens because of privacy concern.

The reported information through Fortune believe that the Chief Executive Officer (CEOI) of the social media giant Nark Zuckerberg somehow is revealing interest to listen about the latest privacy issues. Just like his most recent announcement, he revealed about their plans in altering some of their promotional strategies or practices to improve its transparency to the users and provide clear political advertisement sources that run through Facebook.

 

Even though this kind of decision is a positive indication, it still needs to adhere to the existing guidelines in terms of selling political ads online. Unfortunately, the Internet remains under the control of Federal Elections Commission (FEC) in case the objective is to assure an accountable and fair election. The news report added that the Congress sent a letter to the FEC already to update the current advertisement laws that will not allow governments of other countries from utilizing the promotional platforms online in influencing the voters.

These certainly include platforms or social media networks like Facebook and Twitter.

With the continuing increase of internet frauds and privacy issues, it is very important for web-based companies to give the best protection to their valued users and consumers. Countless of abusive hackers and scammers out there are just waiting for the right time to steal personal data from their targeted victims such as in the United States and across the globe.

As for many social media users, it is advisable to become aware of the different issues that might compromise them and not just using the Internet without knowledge.

 

 

 

 

 

Latest IPhone X Face ID Feature, Not Easy to Hack and Access Says Apple  

Despite all the positive reviews and feedback about the newest Apple gadget known as the iPhone X, it appears that there is an important concern that the users need to consider for owning one. Based on the latest shared news reports online, this latest innovative gadget by the popular electronic device maker easily permits the law enforcement to reveal the personal information of the user.

This can permit the authority to access the information through the facial recognition.

Even if the device features an interesting no lifting finger when unlocking the phone as designed by Apple, there might be possible concern about invasion of privacy that affects the users. According to the reports, the newest facial recognition feature of the iPhone X might potential give the law enforcement to access the personal information of those people who are using such electronic mobile device.

This also means that the police authority does not need to issue a warrant because the included Face ID feature gives them easier access to the information of the user even without asking for permission.

Without any doubt, Apple Inc. has produced many innovative electronic devices and proved its impressive reputation in the advancing technology. The announcement on Tuesday about the latest units of the giant tech company is another breakthrough to consider. On the other hand, the spreading issue about the unsure protection of the users’ personal information with the latest iPhone X somehow bothers the public.

According to the shared information through Forbes, Apple designed this latest unit to easily unlock the phone without requiring finger touching because it can open through the Face ID. It revealed this intriguing feature during the launching on Tuesday held at the Steve Jobs Theater.

From the statement of Phil Schiller as detailed by forvbes.com, he revealed that the Face ID will learn the face of the user and has the capacity to adapt in recognizing the changes on the appearance of the user. With the inclusion of an advanced TrueDepth camera system on the mobile device, it will not fail in recognizing the exact user because the camera has impressive technological features already.

Schiller added that the giant tech company likewise worked with some experts in Hollywood for mask testing attacks. Apple believes that there is only a very slight chance that a stranger can unlock the phone if owned by a different user whose face had been firstly recognized by the device.

Phil Schiller is the Senior Vice President of Apple Inc.

Unfortunately, the convenience that this latest Apple device offers the users is somehow troubled due to the privacy security issue. Based on the observation of some knowledgeable individuals about the problem, it may be possible now for the law enforcement to access personal information through the Face ID identifier. Unlike the usual Touch ID, the police authority cannot easily access the data because it requires the fingerprint of the user, which they believe is safer than the latest unlocking system.

Some concern individuals even posted their opinion through Twitter and published through rt.com online. They expressed what they think is the possible effective of the newest iPhone X facial recognition feature.

From the shared information through Wired, there is an instance back in 2009 that by simply using a printed image of the person who owns the device, it is possible to fool the facial recognition feature once it scanned the picture. This just proves that strangers can still defeat such security feature from an electronic device.

However, Apple revealed that the users need not to worry because the TrueDepth camera system uses a special infrared lighting that recognizes almost 30,000 unseen dots on the face of the user and so it is not possible for anyone to unlock the device illegally through the latest Face ID.

The giant tech company does not agree that it can be hacked by anyone.

Equifax Inc. Confirms Data Breach, Affects 143M Individuals in America

From the latest news reports online, another credit company has experienced data breach that might affect almost 143 million individuals in the United States. Equifax Inc. already confirmed the problem and investigating at it closely.

Almost 209,000 credit card numbers were compromised with this latest data breach.

According from the news of rt.com, Equifax Inc. already confirmed the data breach that affected their system and compromised almost 209,000 credit card numbers. Furthermore, the giant credit reporting company revealed that this latest system’s breach might just affect almost 143 million residents of America too.

If this happens, this will be the largest data breach in the history of US because of exposing confidential information in danger.

 

Equifax revealed the data breach on Thursday, which they started to discover last July 29. The reporting agency is serious about saying that this particular system failure might just affect millions of American consumers with a huge impact because of the compromised data.

 

This particular company is actually one of the top organizations in America that is responsible in computing the credit scores of Americans and this is the reason why it has access to millions of personal information from these people. Likewise, it has control in the available confidential financial data of millions of people living in the US over the Internet, particularly adults.

 

Based on the shared report through wired.com, Equifax believe that the hackers were able to access their system in the middle of May until the month of July. They successful linked a web application, which made it easier for them to access the data in vulnerability. The report added that they accessed the Social Security Numbers, names of people, home addresses, and dates of birth, credit card numbers and even license numbers for driving.

 

In addition to this data breach, the hackers managed to access personal information of “dispute documents” (approximately 182,000) since they began penetrating the system of the company.

 

It may be clear that millions of Americans will experience the negative effective of this particular breach in the coming years. One reason is that the stolen or compromised data by the hackers can be utilized in different unlawful purposes if their intention is to manipulate the data for their personal interest.

 

Equifax likewise has access to different information from banking institutions, retailers, credit card firms and even lending companies in the US.

 

From the released statement by the reporting agency online, it said that the hackers successfully exploited a website application in America and immediately gained access to the documents or files they targeted few months ago.

 

In line with this issue, Richard Smith already released a statement that apologizes to the affected consumers and clients. He added that the reporting company understands the exact impact of the data breach and is doing everything to protect the involved data, as detailed by the CNBC.

 

Richard Smith is the Chairman and Chief Executive Officer (CEO) of Equifax Inc.

 

In an effort to keep the consumers and clients aware, they already send mails to these people as part of the notification. The sent mails particularly target those who have exposed data after the breach. In addition, the ongoing investigation has the coordination of the state and federal authorities to investigate the problem cautiously.

 

The news report through wired.com added that the company provided a legitimate website known as equifaxsecurity2017.com to allow people check their data online and verify if they are among the affected US residents by the hackers. The news added that it may be possible that some people who live in Canada and in UK have compromised data as well.

 

Equifax now offers residents of America with free credit checking as well as insurance policy for identity theft.

 

After learning about the breach, at least 3 senior executives of Equifax already sold their shares amounting to $1.8 million, the news added.

Security Lapse Exposed Thousands of Sensitive Files from US Citizens, TigerSwan Explains  

From the latest shared news information through rt.com, a recruitment agency in the United States failed to keep the stored personal data of almost 9,400 individuals and the public were able to view them because of huge security lapse or negligence.

 

Based on the report, the data contain sensitive files of former intelligence, military and government personnel in America.

 

The problem arises when they discovered the thousands of confidential files of the former personnel or workers in an incorrect public-facing could server of Amazon. The almost 9,400 filed are containing the personal data of different former or ex military personnel, government and intelligence employees.

They recognized some of the exposed data as Top Secret security clearances.

According to the report of Gizmodo, the clearances are from those people who work at TigerSwan, which is a private cyber security agency based in North Carolina.

A researcher from the UpGuard Company discovered the exposed confidential files in a folder specified as “resumes.” After checking them, they found out that these are thousands of Curriculum Vitae records or CVs from citizens of America and some are classified of Top Secret security clearances.

From these files, they include those from people who worked from the National Security Agency (NSA), Central Intelligence Agency (CIA), United States Secret Service, Military and other government firms in the country.

“A cursory examination of some of the exposed resumes indicates not merely the varied and elite caliber of many of the applicants as experienced intelligence and military figures, but sensitive, identifying personal details,” stated UpGuard as quoted by Gizmodo online.

 

The researcher who discovered the security lapse is Chris Vickery.

As from the report of the Hill, there are also exposed sensitive files or data containing the CVs of an employee from the United Nations and a chief of police who worked in Middle East. Moreover, there are revealed information in public about particular citizens of Afghanistan and Iraq who had linked and worked together with the military of the US.

Gizmodo likewise revealed that some affected individuals in this kind of security lapse have involvement to sensitive operations before such as an applicant who is responsible in transporting the activation codes of a nuclear and weapon elements too. This kind of job is definitely a confidential and a high profile task to consider and must not be exposed in public.

It appears that the issue about the security lapse needs the full attention of the authorities.

From the exposed data, they include the home addresses, personal contact details, personal emails and phone numbers of the affected individuals. Although the leak of security lapse is pointing out TigerSawan as responsible, the private security agency however is blaming TalentPen for the problem.

“At no time was there ever a data breach of any TigerSwan server,”said TigerSwan as cited by the news online.“All resume files in TigerSwan’s possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants,” the security company added.

 

TalentPen is actually a hired outsourcing service that process applicants for new jobs.

 

In line with this issue, Vickery likewise said that he is hoping that no other abusive people had discovered the exposed confidential files. This is truly important because they might utilize them for unlawful activities without the knowledge of the exact owners, which can even compromise their identities.

 

It was only on August when they delete the files from the cloud server since the UpGuard researcher discovered them last July, added by the news online. With the many online hackers today who steal personal information illegally, it is very important for any company or business to safeguard all important details to avoid any kind of hacking incident.

1 2 3