Forever 21 Breach Compromised Customers’ Credit Card Information


Another major retailer was breached last year as Forever 21 has now confirmed that point of sale terminals at various stores across the country were breached for the most part of 2017. This resulted in the credit card information of countless customers being leaked. Forever 21 hasn’t said precisely how many customers have been affected by this.

Forever 21 has confirmed that many of its point of sale terminals at retail stores across the United States were breached between April 3rd and November 18th, 2017. It’s unclear at this point in time who is behind this.

The retail chain has also confirmed that in most cases, the breach compromised card numbers, expiration dates, and verification codes but not cardholder names. It also adds that in some cases, the hackers were also able to obtain cardholder names. In other cases, credit card data that was stored in system logs before April 3rd was also compromised.

Forever 21 uses encryption to protect its payment processing system but it turns out that in some stores the encryption was disabled sometimes. This left the point of sale terminals vulnerable to malware. During the full period of this breach, not every terminal in every store was affected and not every store was impacted.

Forever 21 is now investigating if stores outside the United States have been affected as well. The malware didn’t impact purchases made through its website. It’s now working with security firms to improve its security measures.

Forever 21 Breach Compromised Customers’ Credit Card Information , original content from Ubergizmo. Read our Copyrights and terms of use.

More...

Forever 21 Breach Compromised Customers’ Credit Card Information


Another major retailer was breached last year as Forever 21 has now confirmed that point of sale terminals at various stores across the country were breached for the most part of 2017. This resulted in the credit card information of countless customers being leaked. Forever 21 hasn’t said precisely how many customers have been affected by this.

Forever 21 has confirmed that many of its point of sale terminals at retail stores across the United States were breached between April 3rd and November 18th, 2017. It’s unclear at this point in time who is behind this.

The retail chain has also confirmed that in most cases, the breach compromised card numbers, expiration dates, and verification codes but not cardholder names. It also adds that in some cases, the hackers were also able to obtain cardholder names. In other cases, credit card data that was stored in system logs before April 3rd was also compromised.

Forever 21 uses encryption to protect its payment processing system but it turns out that in some stores the encryption was disabled sometimes. This left the point of sale terminals vulnerable to malware. During the full period of this breach, not every terminal in every store was affected and not every store was impacted.

Forever 21 is now investigating if stores outside the United States have been affected as well. The malware didn’t impact purchases made through its website. It’s now working with security firms to improve its security measures.

Forever 21 Breach Compromised Customers’ Credit Card Information , original content from Ubergizmo. Read our Copyrights and terms of use.

More...

Imgur Hack Resulted In 1.7 Million Accounts Being Compromised


Popular photo-sharing website Imgur has confirmed that it was notified of a potential security breach earlier this week that occurred in 2014. The site says that the hack resulted in 1.7 million Imgur accounts being compromised. The leaked data includes email addresses and passwords of users. Imgur continues to investigate the intrusion and promises to inform users as quickly as possible to what it knows and what it’s doing in response.

Imgur received an email earlier this week from a security researcher who frequently deals with data breaches. The researcher believed that he was sent data which included information of Imgur users.

The website’s team arranged to securely receive the data from the researcher and then started working on validating the data that belonged to its users.

Imgur confirmed a couple of days back that approximately 1.7 million user accounts were compromised back in 2014. The compromised information includes only email addresses and passwords. Since the website never asks for real names, addresses, phone numbers or other personally identifying information, no such information of that kind was leaked.

The website is investigating how this breach happened. It reiterates that users’ passwords are always encrypted in its database. It believes that the encryption may have been cracked with brute force due to an older hashing algorithm that was used back then. Imgur updated its algorithm to the new bcrypt algorithm last year.

Affected users have already been notified of the breach. Those who were Imgur users with accounts back then should probably change their passwords out of an abundance of caution.

Imgur Hack Resulted In 1.7 Million Accounts Being Compromised , original content from Ubergizmo. Read our Copyrights and terms of use.

More...

Google Patches Krack Wi-Fi Vulnerability In November Security Patch


Google today released its Android security patch for the month of November. Aside from bringing fixes for countless bugs discovered in its operating system, the patch also brings the fix for the widespread Wi-Fi vulnerability known as Krack. It’s a weakness in the WPA2 security protocol for Wi-Fi networks. Discovered several weeks ago, Google has now finally patched Krack on Android devices.

Security researchers detailed their findings about the Krack Wi-Fi vulnerability in mid-October. Attackers could eavesdrop on traffic between a computer and an access point, traffic that was assumed to be encrypted. The exploit would have enabled them to remotely inject code into target devices and even steal data.

Given that Krack was a vulerability in the Wi-Fi security protocol, it meant that any Wi-Fi-enabled device was most likely vulnerable. The researchers did point out that Linux and Android 6.0+ devices were particularly vulnerable as they could be duped into installing an all-zero encryption key.

Google has patched this vulnerability for devices running Android 5.0.2 Lollipop and up. Now that it has released the patch for Krack, its OEM partners will combine this with their own security releases and roll out the Krack patch for countless Android-powered devices across the globe.

It’s going to take a couple of weeks, though, because that’s just how the update process works on Android devices.

Google Patches Krack Wi-Fi Vulnerability In November Security Patch , original content from Ubergizmo. Read our Copyrights and terms of use.

More...