39 replies to this topic

[AplusWebMaster]

FYI...

Snapchat leak - 4.6 million users ...
- http://bgr.com/2014/...bers-usernames/
Jan 1, 2014 - "Snapchat users beware: someone has posted the phone numbers and usernames of more than 4.6 million accounts on the site SnapchatDB*, freely available as an SQL dump or CSV text file for anyone to download. The last two digits of each phone number have been censored “in order to minimize spam and abuse”... This giant leak comes just days after Gibson Security’s latest interview in which the company warns of Snapchat’s vulnerabilities. According to Gibson Security, the Snapchat team had taken far too long to address some very serious issues with the coding of the software, and had left the application wide open to exploits that could compromise user information... SnapchatDB claims that the database represents “a vast majority of the Snapchat users”... “This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue,” says the owner of SnapchatDB. “The company was too reluctant at patching the exploit until they knew it was too late and companies that we trust with our information should be more careful when dealing with it.”
* UPDATE: SnapchatDB .info has been suspended and is no longer available.

- http://www.reuters.c...E9BU0K820131231
Dec 31, 2013 - "Snapchat, Vine, and Candy Crush Saga earned coveted spots on smartphones this year, making them among the most downloaded apps of the year..."
 

[AplusWebMaster]

FYI...

Skype hacked to spread anti-MS messages
- http://www.theregist...osoft_messages/
2 Jan 2014 - "Entities claiming to represent the Syrian Electronic Army (SEA) have hacked Skype's social media presences and used them to post anti-Microsoft messages. Here's one of the defacements, from Skype's Twitter account.
'http://regmedia.co.u...witter_hack.png
... Skype's blog was also accessed and quickly became host to posts calling for Skype to stop allowing the NSA to access its back end... Skype wrestled control of its social media properties back from the alleged SEA members. The VoIP service has since posted the following all-clear to Twitter.
'You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience. 8:13 PM - 1 Jan 2014'..."

- https://isc.sans.edu...l?storyid=17330
Last Updated: 2014-01-01 23:00:26
 

Edited by AplusWebMaster, 02 January 2014 - 07:28 AM.

[AplusWebMaster]

FYI...

Neiman Marcus - Hacks steal card data...
- http://krebsonsecuri...-neiman-marcus/
Jan 10, 2014 - "... upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards... while it appears the fraud on those stolen cards was perpetrated at a variety of other stores, the common point of purchase among the compromised cards was Neiman Marcus... Neiman Marcus spokesperson Ginger Reeder said the company does not yet know the cause, size or duration of the breach, noting that these are questions being sought by a third-party forensics firm which has yet to complete its investigation. But she said there is no evidence that shoppers who purchased from the company’s online stores were affected by this breach... Neiman Marcus’s Reeder said the company has no indication at this time that the breach at its stores is in any way related to the Target attack. Still, the timing of the discovery of the Neiman Marcus incident — mid-December — roughly corresponds to the discovery of the Target breach..."
___

- http://www.darkreadi...endly=this-page
Jan 13, 2014 - "...  Target's CEO told CNBC... that malware was found on its PoS registers, and Neiman Marcus has confirmed a breach of customer payment cards..."
 

Edited by AplusWebMaster, 14 January 2014 - 06:33 AM.

[AplusWebMaster]

FYI...

Yahoo malware attack - greater than anticipated
- http://bgr.com/2014/...malware-attack/
Jan 13, 2014 - "The malware attack that took advantage of Yahoo’s Java-based ad network around Christmas Eve was far greater than anticipated, the company confirmed in a post*... on its help web pages. Initially believed to have affected only European users on January 3, 2014, the malware ad attacks were then said to have occurred during December 31, 2013 – January 3, 2014. But Yahoo on Friday revealed the attack actually took place between December 27, 2013 – January 3, 2014, and affected users outside of the European Union as well. It’s not clear how many users may have been affected by the hack..."
* http://help.yahoo.co...ent&id=SLN22569
Jan 10th, 2014
 

[AplusWebMaster]

FYI...

Security firm IDs malware used in Target attack
- http://www.computerw...n_Target_attack
Jan 16, 2014 - " A security company that worked with the U.S. Secret Service to investigate the data breach at Target identified the malware used in the attack as a sophisticated derivative of a previously known Trojan program designed to steal data from Point-of-Sale (POS) systems. In a report released Thursday, iSight Partners identified the tool as Trojan.POSRAM, which it described as software that can find, store and transmit credit card and PIN numbers from POS systems. The Trojan is being used in a "persistent, wide ranging, and sophisticated" cyber campaign dubbed KAPTOXA targeting "many operators" of POS systems, the company warned. Some affected companies may not yet know they've been compromised or have already lost data, the iSight report noted... the POSRAM Trojan as a customized version of BlackPOS*, a piece of malware that has been available in the cyber underground since at least last February. Like BlackPOS, the POSRAM Trojan is designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory, just after a credit or debit card is swiped at the terminal. After infecting a POS terminal, the malware monitors the memory address spaces on the device for specific information. When it finds something of interest, the software saves the data to a local file and then transfers it to the attackers at preset times. It then is coded to delete the local file to cover its tracks... At the time the code was discovered, even fully updated antivirus tools would not have been able to detect the malware..."
* http://www.symantec....rabber-blackpos

Malware Targeting Point of Sale Systems
- https://www.us-cert....lerts/TA14-002A
Jan 2, 2014
___

KAPTOXA POS Report
- http://www.isightpar...pos-report-faq/
Jan. 16, 2014
___

Security Considerations for Retail Networks ...
- http://www.securewor...etail-networks/
17 Jan 2014 - "... CTU researchers have observed -multiple- malware families stealing credit card information, but the most recent trend involves scanning memory for data matching the format of track 1 and track 2 data from credit and debit cards. The Alina, BlackPOS, Chewbacca, Dexter, and vSkimmer malware, as well as other malware families, have used similar techniques to collect this data as far back as 2010, and malware authors continually update their malware to avoid detection. POS devices typically include a well-known set of binaries that have little or no variation, so the CTU research team recommends a whitelisting solution in addition to antivirus (AV) software and network-based countermeasures..."
(More detail and recommendations at the URL above.)
 

Edited by AplusWebMaster, 24 January 2014 - 10:30 AM.

[AplusWebMaster]

FYI...

Card breach at Michaels Stores ...
- http://krebsonsecuri...ichaels-stores/
Jan 25, 2014 - "Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States...
Update 1:34 p.m. ET: Michaels has just issued a statement stating that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.”
The statement continues:
    “The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred. We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges”... Sources with four different financial institutions have over the past few days said hundreds of customer cards that recently had been used for fraudulent purchases all traced back to Michaels stores as the common point of purchase..."
 

 

[AplusWebMaster]

FYI...

Target says criminals attacked with stolen credentials from vendor
- http://www.reuters.c...EA0S25Z20140129
Jan 29, 2014 - "Target Corp said on Wednesday that the cyber criminals who breached its system used credentials they -stole- from one of the retailer's vendors. "The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said in a statement. She declined to elaborate on what type of credentials were taken from the vendor."
___

U.S. spy chiefs call for action on data breach disclosure
- http://www.reuters.c...EA0S1AE20140129
Jan 29, 2014 - "U.S. spy agency chiefs on Wednesday called on Congress to draft stricter requirements for how retailers and other private businesses should inform government agencies and customers about big breaches of personal and financial data. The intervention by intelligence chiefs came as Attorney General Eric Holder confirmed that the Justice Department was investigating the massive hacking of consumer data from No. 3 U.S. retailer Target Corp during the holiday shopping season late last year... several congressional committees signaled growing interest in recent data breaches, with the powerful House Oversight Committee scheduling a telephone briefing on Thursday with Target representatives... Congress has been wrestling for years with proposals for legislation on data security, but has been unable to reach agreement. There is no national standard to govern how and when businesses that suffer consumer data breaches must advise their customers and agencies like the U.S. Secret Service and FBI... The Secret Service has taken the lead investigating the recently revealed data breaches at Target and other retailers, including Neiman Marcus and Michaels Companies Inc, the largest U.S. arts and crafts retailer..."
 

[AplusWebMaster]

FYI...

'ChewBacca' hacks targeted retailers in 11 countries: RSA
- http://www.reuters.c...EA0T21120140131
Jan 31, 2014 - "A cyber criminal ring targeting small retailers in 11 countries stole data on 49,000 payment cards using a malicious software known as "ChewBacca" before the operation was shut down... RSA FirstWatch disclosed the attacks on Thursday on its website. It said the firm's researchers uncovered the ring, whose victims included small companies in the United States, Russia, Canada and Australia. They managed to steal details from some 24 million payment card transactions over about two months, according to RSA... The findings from RSA show that the recent spate of attacks extend outside the United States. "The end game is to gain credit card information, so the hackers are going to go wherever it is easiest to get that information," said Will Gragido, senior manager with RSA FirstWatch, the threat research arm of RSA Security. He said his firm provided the FBI with data on the "ChewBacca" operation, including the location of a command-and-control server used by the hackers on Wednesday. That server was shut down on Thursday, according to Gragido... RSA said the hackers used a relatively new piece of malicious software known as -ChewBacca- designed to infect computers such as the point-of-sales systems that process credit card transactions."

- https://blogs.rsa.co...al-information/
Jan 30, 2014

- https://www.secureli...r_based_Malware
___

Yahoo reports breach of some user accounts
- http://www.cnbc.com/id/101378748
30 Jan 2014 | 5:33 PM ET - "Yahoo reported on Thursday that some of its users' e-mail accounts may have been targeted in a security breach of a third-party database... The company notified users that may have been affected to reset their passwords. It has also implemented a second sign-in verification to allow users to re-secure their accounts..."

- http://www.reuters.c...EA0T21H20140131
Jan 30, 2014

- https://isc.sans.edu...l?storyid=17543
Last Updated: 2014-01-31 00:43:22 UTC

- http://yahoo.tumblr....ahoo-mail-users

- https://help.yahoo.com/kb/SLN2080.html

Password Re-Use is the Problem...
- http://garwarner.blo...-attack-on.html
Jan 31, 2014
___

Hotel Franchise Firm White Lodging Investigates Breach
- http://krebsonsecuri...tigates-breach/
Jan 31, 2014 - "White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013... Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year. But those sames sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa. Turns out, the common thread among all of those Marriott locations is that they are managed by Merrillville, Indiana-based White Lodging Services Corporation, which bills itself as “a fully-integrated owner, developer and manager of premium brand hotels.” According to the company’s Web site, White Lodging’s property portfolio includes 168 full service hotels in 21 states, with more than 30 restaurants. White Lodging declined to offer many details, saying in an emailed statement that “an investigation is in progress, and we will provide meaningful information as soon as it becomes available.” Marriott also issued a statement, noting that “one of its franchisees has experienced unusual fraud patterns in connection with it systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels... Sources say the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging — not the property management systems that run the hotel front desk computers which handle guests checking in and out. In the case of Marriott, for example, all Marriott establishments operated as a franchise must use Marriott’s property management system. As a result, the breach impacted only those Marriott guests who used their cards at White Lodging-managed gift shops and restaurants..."

- http://www.whitelodg...ent-card-update
Feb 3, 2014 - "Officials of White Lodging Services Corporation, an independent hotel management company, announce the suspected breach of point of sales systems from the period March 20 - December 16, 2013 at food and beverage outlets, such as restaurants and lounges, at 14 properties..."

Edited by AplusWebMaster, 04 February 2014 - 06:30 AM.

[AplusWebMaster]

FYI...

Over 1 Million Emails and Passwords Exposed ...
- https://www.trusteer...sswords-exposed
Feb 19, 2014 - "The latest media outlet targeted by the Syrian Electronic Army (SEA) is Forbes .com. The hacktivist group was able to breach a database containing email address and password combinations for over a million user accounts, including Forbes contributors. Although the passwords were one-way encrypted, the media outlet recommended users change their passwords. To prove that it carried out the attack and breached the database, the SEA defaced three online articles. It seems that attackers and cybercriminals are increasingly targeting users’ login credentials, which will provide them access to various systems. Only two weeks ago we learned that Yahoo’s email system was breached using credentials stolen from a third party... With login credentials to the user’s account, it is possible to access information stored within the user's account. It is not known what type of information Forbes .com stored about its users. The concern would be exposure of personal and financial data. Credentials to contributors' accounts may actually provide access to systems used by the media outlet to publish news, allowing attackers to post fake news alerts... Users should change their login passwords and avoid reusing password across multiple websites and applications. Organizations should educate employees about the risk in re-using passwords for logging into multiple applications..."

- http://www.databreac...-and-user-data/
Feb 15, 2014

- http://www.databreac...u-do-something/
Feb 18, 2014
 

Edited by AplusWebMaster, 19 February 2014 - 02:36 PM.

[AplusWebMaster]

FYI...

Target failed to act on early alert ...
- http://www.reuters.c...EA2C14F20140313
Mar 13, 2014 - "Target Corp's security software detected potentially malicious activity during last year's massive data breach, but its staff decided -not- to take immediate action... The disclosure came after Bloomberg Businessweek* reported on Thursday that Target's security team in Bangalore had received alerts from a FireEye Inc security system on November 30 after the attack was launched and sent them to Target headquarters in Minneapolis... The FireEye reports indicated malicious software had appeared in the system... The alert from FireEye labeled the threat with the generic name "malware.binary"... experts said that they believed it was likely that Target's security team received hundreds of such alerts on a daily basis, which would have made it tough to have singled out that threat as being particularly malicious..."
* http://www.businessw...redit-card-data
Mar 13, 2014 - "... On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers — first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia — FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …
Nothing happened.
For some reason, Minneapolis didn’t react to the sirens. Bloomberg Businessweek spoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers — and 70 million addresses, phone numbers, and other pieces of personal information — gushed out of its mainframes..."
 

 

Edited by AplusWebMaster, 28 April 2014 - 09:34 AM.

[AplusWebMaster]

FYI...

Canada taxpayer data stolen in Heartbleed breach
- http://www.reuters.c...EA3D0XZ20140414
Apr 14, 2014 - "Canada's tax-collection agency reported on Monday that the private information of some 900 people had been stolen from its computer systems as a result of vulnerabilities caused by the 'Heartbleed' bug. The breach allowed someone to extract social insurance numbers, which are used for employment and gaining access to government benefits, and possibly some other data, the Canada Revenue Agency said... Police are investigating and the country's privacy commissioner has been informed, it said. Right in the heart of tax-filing season, the CRA shut down access to its online services last Wednesday because of the bug, which is found in widely used Web encryption technology..."

 

Canadian charged in 'Heartbleed' attack on tax agency
- http://www.reuters.c...EA3F1KS20140416
Apr 16, 2014 - "Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the "Heartbleed" bug to steal taxpayer data from a government website, the Royal Canadian Mounted Police (RCMP) said on Wednesday. In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site. The suspect, Stephen Solis-Reyes, was arrested at his home in London, Ontario on Wednesday and faces criminal charges of unauthorized use of computer and mischief in relation to data... Police seized Solis-Reyes computer equipment and scheduled his court appearance for July 17, 2014..."
___

- https://blogs.akamai...-update-v3.html
April 13, 2014 7:20 PM - "Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys.  We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community.  The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for improving the openssl codebase. In short: we had a bug. An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others. In particular, we only try to protect d, p, and q, but not d mod (p-1), d mod (q-1), or q^{-1} mod p.  These intermediate extra values (the Chinese Remainder Theorem, or CRT, values) are calculated at key-generation time as a performance improvement. As the CRT values were not stored in the secure memory area, the possibility exists that these critical values for the SSL keys could have been exposed to an adversary exploiting the Heartbleed vulnerability. Given any CRT value, it is possible to calculate all 6 critical values. As a result, we have begun the process of rotating all customer SSL keys/certificates.  Some of these certificates will quickly rotate; some require extra validation with the certificate authorities and may take longer. In parallel, we are evaluating the other claims made by the researcher, to understand what actions we can take to improve our customer protection."

- https://blogs.akamai...-a-history.html
April 16, 2014 - "In the interest of providing an update to the community on Akamai's work to address issues around the Heartbleed vulnerability, we've put together this outline as a brief summary:
• Akamai, like all users of OpenSSL, was vulnerable to Heartbleed.
• Akamai disabled TLS heartbeat functionality before the Heartbleed vulnerability was publicly disclosed.
• In addition, Akamai went on to evaluate whether Akamai's unique secure memory arena may have provided SSL key protection during the vulnerability window when we had been vulnerable; it would not have.
• Akamai is reissuing customer SSL certificates, due to the original Heartbleed vulnerability...
We are currently reviewing a revised version of our secure memory arena with some external researchers and developers.  Once we are more confident that it more closely achieves its goals, we will contribute this code to the community. We also plan to evaluate how we can better collaborate and support the open source community."
 

Edited by AplusWebMaster, 16 April 2014 - 10:24 PM.

[AplusWebMaster]

FYI...

3 Million Credit, Debit Cards stolen in Michaels, Aaron Brothers breaches
- http://krebsonsecuri...thers-breaches/
Apr 17, 2014 - "Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards. The disclosure, made jointly in a press release* posted online and in a statement on the company’s Web site**, offers the first real details about the breach... The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing. “After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,” the statement reads. The Michaels breach first came to light just weeks after retail giant Target Corp. said that cyber thieves planted malware on cash registers at its stores across the nation, stealing more than 40 million credit and debit card numbers between Nov. 27 and Dec. 15, 2013. That malware was designed to siphon card data when customers swiped their cards at the cash register. According to Michaels, the affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. The company says there is no evidence that other customer personal information, such as name, address or debit card PIN, was at risk in connection with this issue... Regarding Aaron Brothers, Michaels Stores said it has confirmed that between June 26, 2013 and February 27, 2014, 54 Aaron Brothers stores were affected by this malware..."
* http://www.businessw...-Security-Issue
Apr 17, 2014

** http://www.michaels....default,pg.html
Apr 17, 2014

- http://www.reuters.c...EA3G27N20140417
Apr 17, 2014
 

Edited by AplusWebMaster, 17 April 2014 - 10:04 PM.

[AplusWebMaster]

FYI...

Verizon 2014 Data Breach Investigations Report
- http://www.verizonenterprise.com/DBIR/
"The 2014 Data Breach Investigations Report (DBIR) casts new light on threats — taking 10 years of forensic data and finding that 92% of these can be categorized into nine basic attack patterns. This approach also helps identify primary threats to your industry, which you can analyze to reinforce your defenses."

- http://www.verizonen...R/2014/insider/

Infographic
- http://www.verizonen...-2014_en_xg.pdf
 

[AplusWebMaster]

FYI...

Bitly: Regarding Your Account ...
- http://blog.bitly.co...r-bitly-account
UPDATE #4 - MAY 11 at 11:33AM EDT: We are sending an email to all users from the domain bitlysupport .com outlining the steps to secure your account. If you have already followed the steps to secure your account, you do not need to do so again.
UPDATE #3 - MAY 9 at 2:45PM EDT: We have updated this post to address questions regarding the Bitly iPhone app.
UPDATE #2 - MAY 9 at 10:25AM EDT: "We have updated this post to explain what specifically was compromised and we’re encouraging all of our users to secure their Bitly accounts by following the recommendations listed below."
UPDATE #1 - MAY 8 at 8:32PM EDT: "We have updated the section of this post regarding users who have Twitter or Facebook accounts connected to their Bitly accounts.
We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts..."
___

OAuth, OpenID Security Issues Could Leak Data, Redirect Users
- http://atlas.arbor.n...ndex#-527940361
Elevated Severity
9 May 2014

- http://www.databreac...-bitly-account/
May 8, 2014
 

Edited by AplusWebMaster, 13 May 2014 - 05:58 AM.

[AplusWebMaster]

FYI...

eBay to ask users to Change Passwords ...
- http://www.ebayinc.c...hange-passwords
5.21.2014 - "eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users... Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today. The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts..."

- http://atlas.arbor.net/briefs/
High Severity
May 29, 2014
Analysis: Attackers were able to access customers' names, email addresses, encrypted passwords, and more. Attackers stole employee credentials to access the corporate network, though eBay has not stated how that was accomplished.
Source: http://www.forbes.co...you-need-to-act
Since confirmation of the data breach, another security flaw has been discovered in eBay's website: a XSS (cross-site scripting) vulnerability could be used to inject attack code and grab cookies from logged-in users.
Sources: https://cehsecurity....ng-xssxml-code/
- http://www.pcworld.c...rcher-says.html
eBay users should change their passwords immediately, as well as any websites where the password may have been reused. However, the same password should not be used across different sites, as ramifications of one site's compromise could affect other sensitive user accounts.
 

Edited by AplusWebMaster, 30 May 2014 - 02:00 PM.