Recent research confirms that a third of the internet is under attack, with millions of network addresses subjected to DDoS attacks over a two year period (source). And as I write these monthly hacks and breaches reviews, this statement comes as no surprise. Just because it’s officially the holiday season, it doesn’t mean that hackers will be slowing down. Here’s a roundup of some of November’s notable hacks and breaches.
On the 14th of November, clothing retailer Forever 21 warned shoppers of a payment card breach following a security breach. The breach allowed hackers to access unauthorized data including payment cards used in a number of its retail stores. The retailer did not confirm which stores were affected, however it did note that the breach may affect customers who shopped between March and October of this year. In 2015, the retailer rolled an encryption and tokenization solution to secure its POS system, however the solution was not in operation in all Forever 21 locations for an unknown reason.
A week later, on the 21st of November, news broke that Tether, a start-up providing cryptocurrency tokens, was hacked. Systems were broken into by a hacker who managed to steal approximately $31 million in tokens.
That same day, Uber made its way to the headlines yet again – but this time with a data breach. The company suffered a massive data breach back in October 2016 which exposed the personal data of around 57 million customers and drivers. In a blog post, Uber’s new CEO writes that the breach exposed names, email addresses, phone numbers, driver’s info along with driver license numbers. Furthermore, instead of disclosing the breach at the time, the company paid $100,000 in ransom to the hackers in exchange for deleting the information and for keeping this breach a secret.
A the month came to a close, Imgur, a popular image sharing site, disclosed that it suffered a major data breach in 2014. The data breach compromised email addresses and passwords of 1.7 million accounts. Imgur published a blog post and wrote that they were notified of the data breach on the 23rd of November after a security researcher emailed them about the stolen data.
On the 27th of November, news broke that the popular Bulletproof Coffee was successfully hacked and the stolen information includes customers full names, addresses, email addresses, credit card numbers, expiration dates, and CVV codes. The energy-boosting, butter-infused beverage “discovered unauthorized computer code added to the software” in the checkout section of their website. According to the company’s investigation, the unauthorized code was potentially capturing information entered by users during the checkout process between May and October of this year.
Viewing on a mobile? Click the infographic to enlarge.
- A Simple Coding Error Put Millions of Smartphone Users at Risk: What You Need to Know
- October 2017: Top Hacks and Breaches [INFOGRAPHIC]
- Top Mobile Hacks of 2017 [INFOGRAPHIC]
Latest posts by Arden Rubens (see all)
- Uses CxSAST to Develop Secure Software - May 17, 2018
- CxSAST for Amazon Web Services - May 15, 2018
- Amazon’s Alexa could be tricked into snooping on users, say security researchers - May 7, 2018