What you need to know for your personal cyber security life…
Tenth in a semi-regular series of daily reports on current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life every day is part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.
# # #
Clinkle Gets Hacked Before It Even Launches
By Jordan Crook
January 30, 2014
Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $30 million from big-name investors, has yet to publicly launch. But that doesn’t mean it can’t be hacked.
Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle employees who are testing the app.
Founder Lucas Duplan is on the list (yep, that’s his Clinkle profile pic, shown above), as well as former Netflix CFO and Clinkle COO Barry McCarthy. Former PayPal exec Mike Liberatore, now Clinkle CFO, is also listed.
The data was seemingly accessed through a private API that Clinkle has in place. Referred to by the hacker as “typeahead”, the API appears to be the basis of an autocomplete tool, allowing users to type a single letter (like ‘A’) and find all usernames starting with that letter (like ‘Adam’ and ‘Andrew’). [Note: Twitter has a similar tool with the same name — it’s unclear if they’re one and the same.]
# # #
Yahoo resets passwords after email hack
By Jeremy Kirk
IDG News Service
January 30, 2014
Yahoo has been resetting email accounts that were targeted in an attack apparently aimed at collecting personal information from recently sent messages, the company said Thursday.
The list of usernames and passwords used for the attack was likely collected when another company’s database was breached, Jay Rossiter, a Yahoo senior vice president, said in a blog post. He didn’t name the third party or say how many accounts were affected.
“We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack,” Rossiter wrote.
The hackers used a malicious software program to access Mail accounts with the stolen usernames and passwords, he wrote.
# # #
Target Hackers Tapped Vendor Credential
By Mathew J. Schwartz
Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer.
“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Target spokeswoman Molly Snyder said Thursday via email.
Target declined to identify the vendor whose credentials attackers had obtained, though it confirmed that the attack vector has been blocked. “As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access,” she said. “Since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues.”
Target’s attackers ultimately stole 40 million credit and debit cards collected by the retailer’s point-of-sale (POS) systems, set up a server inside Target’s network to collect that stolen data, then regularly sent it in batches via FTP to a server in Russia. Attackers also stole personal details pertaining to 70 million Target customers.
While Target declined to disclose further details from its investigation, security journalist Brian Krebs reported Wednesday that Dell SecureWorks this week released a private report to some of its clients, which suggests that Target’s attackers gained access to Performance Assurance for Microsoft Servers, which is IT infrastructure management software sold by BMC Software.
# # #
New questions about patient privacy at North Country Hospital
NEWPORT, Vt. – North Country Hospital in Newport received a regulatory citation from the Center for Medicare and Medicaid after two unauthorized employees viewed confidential medical records. It was discovered last fall that the hospital was not conducting proper surveillance when CMS made an unannounced visit.
“Medical information from two patients’ records was accessed by two people without, who did have the need to know, they were not involved in the individual’s direct care,” said Fran Keeler of the Vt. Division of Licensing and Protection.
Newport residents say this breach raises concerns about patient privacy.
“You have to know your records are safe. People shouldn’t be looking at records that they’re not entitled to look at,” said Brandie Barton of Newport.