Recent research confirms that a third of the internet is under attack, with millions of network addresses subjected to DDoS attacks over a two-year period (source). And as I write these monthly hacks and breaches reviews, this statement comes as no surprise. Just because it’s officially the holiday season, it doesn’t mean that hackers will be slowing down. Here’s a roundup of some of November’s notable hacks and breaches.
On the 14th of November, clothing retailer Forever 21 warned shoppers that payment card data had been exposed in a security breach. The breach gave hackers unauthorized access to data, including payment cards used in a number of its retail stores. The retailer did not confirm which stores were affected; however, it did note that the breach may affect customers who shopped between March and October of this year. In 2015, the retailer rolled out an encryption and tokenization solution to secure its POS system; however, the solution was not in operation in all Forever 21 locations for an unknown reason.
A week later, on the 21st of November, news broke that Tether, a start-up providing cryptocurrency tokens, was hacked. Systems were broken into by a hacker who managed to steal approximately $31 million in tokens.
That same day, Uber made its way to the headlines yet again – but this time with a data breach. The company suffered a massive data breach back in October 2016 which exposed the personal data of around 57 million customers and drivers. In a blog post, Uber’s new CEO writes that the breach exposed names, email addresses, phone numbers, driver’s info along with driver license numbers. Furthermore, instead of disclosing the breach at the time, the company paid $100,000 in ransom to the hackers in exchange for deleting the information and for keeping this breach a secret.
As the month came to a close, Imgur, a popular image sharing site, disclosed that it suffered a major data breach in 2014. The data breach compromised email addresses and passwords of 1.7 million accounts. Imgur published a blog post and wrote that they were notified of the data breach on the 23rd of November after a security researcher emailed them about the stolen data.
On the 27th of November, news broke that the popular Bulletproof Coffee was successfully hacked and that the stolen information includes customers’ full names, addresses, email addresses, credit card numbers, expiration dates, and CVV codes. The maker of the energy-boosting, butter-infused beverage “discovered unauthorized computer code added to the software” in the checkout section of its website. According to the company’s investigation, the unauthorized code was potentially capturing information entered by users during the checkout process between May and October of this year.