Russian Hacker Claims To Have Infiltrated Both Wall Street Journal and Vice - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


Russian Hacker Claims To Have Infiltrated Both Wall Street Journal and Vice

The Wall Street Journal and Vice allegedly got hacked this week by Russian hacker W0rm, who claimed to be selling their databases for one Bitcoin each. This should sound familiar as CNET faced a similar breach last week.  

As was the case with CNET, W0rm tweeted about the breaches and also claimed to be selling both user information and server credentials on his online hacking marketplace, According to PCWorld, IntelCrawler believes the breach occurred as a result of an SQL injection vulnerability. 

On July 22, the Wall Street Journal reported that its publisher, Dow Jones & Co., had taken computer systems off-line after confirming that systems containing news graphics had been hacked by outside parties. 

According to SC Magazine, a Vice spokesperson confirmed that a content management system had been breached, exposing email addresses and hashed passwords. Both publications believe that user accounts were not affected by the breach.

European Central Bank – What’s worse than getting hacked? Getting hacked and blackmailed—which is what happened to the European Central Bank last week. On July 24, the ECB announced that contact information had been stolen from the bank’s public website. 

The ECB only realized that the breach had occurred upon receiving an anonymous email asking for money in exchange for the stolen contact information. 

Some of the breached data was encrypted, but it also included un-encrypted email addresses, street addresses, and phone numbers, from a database that contained event registrations for conferences and other visits. The ECB contacted customers whose email addresses were affected, and have started an investigation with the German police.

The latest victim in a long string of retail breaches this year may have been a charity. Last Friday, Goodwill announced that it was investigating a credit card breach. As of Monday, Goodwill spokesperson Lauren [entity display="Lawson" type="organization" subtype="company" active="true" key="lawson" natural_id="fred/company/2580"]Lawson[/entity] said investigators are still “working to understand if and how a data compromise might have occurred.” Goodwill’s 165 headquarters in the U.S. and Canada don’t all have the same point of sale system, meaning that some of the stores could have been compromised without all of them suffering a breach.  

While Goodwill as a whole hasn’t commented on specific developments in the investigation, local Goodwills are announcing that their locations were not affected by the breach. 

This is good news for keeping the breach contained, but one would hope that all Goodwills will achieve the same high level of security.

StubHub – It’s much more common to read headlines about data breaches than cyber arrests, but law enforcement scored big in the fight against cyber crime last week. Six alleged cyber criminals were arrested from an international cyber ring that hacked StubHub’s website, making $1.6 million by reselling stolen tickets. 

The scheme involved two Russian hackers who accessed StubHub’s website, logging into over 1,600 customers’ accounts (no one knows where they got the log-in information) and using their payment information to fraudulently purchase over 3,600 tickets. Three Americans then allegedly re-sold the stolen tickets, placing the profits in PayPal accounts in addition to wiring money to Canada and the UK. 

One of the alleged Russian hackers was arrested earlier this month in Spain, while another hacker and a money launderer involved with the scheme remain in Russia under indictment by the Manhattan D.A.’s office. 

Two of the three indicted Americans were arraigned last Wednesday right after the case was announced. According to the AP, the third American was arraigned Friday after returning home from his honeymoon a week early to address the charges and show respect to the court.

Self Regional Healthcare – It’s a familiar story—a laptop containing unencrypted sensitive data gets stolen, and suddenly an organization is looking at a major data breach. On July 23, South Carolina-based Self Regional Healthcare announced that two people had broken into one of Self Regional’s facilities and stolen a laptop on May 27. 

Upon arrest, the alleged perpetrator claimed to have dumped the laptop in a lake without having accessed the information on the computer, but the laptop was never found in the bottom of the lake. Self Regional says it is investigating and notifying individuals, as someone might have had access to patients’ protected health information, which includes everything from Social Security numbers to insurance policy names and diagnoses.

Women & Infants Hospital of Rhode Island – This week, the Massachusetts General Attorney announced that Women and Infants Hospital of Rhode Island hospital must pay $150,000 in damages for a data breach that compromised more than 12,000 Massachusetts’s residents’ personal information.  

Two years ago, the hospital shipped 19 unencrypted backup tapes to its parent company, Care New England Health System, and then offsite for archiving. The tapes never made it to their destination, and it took the hospital almost a year to realize the tapes—and the sensitive data they contained—were gone.  

The breach was not reported for several more months, thanks to inadequate employee training and internal policies, according to the release. The hospital has agreed to take steps to improve their security in compliance with both state and federal laws and regulations. 

The fees will go towards civil penalties, attorney fees, and a fund through the Attorney General’s Office to promote security education and future data security litigation, according to the release.

By Kate Vinton, (Forbes)