Search This Blog

Showing posts with label Data Breach. Show all posts

Yandex.Money to reissue customer cards after hacking


The electronic payment service Yandex.Money will re-issue the cards of its customers, the data of which users stored on one of the hacked servers.

Earlier, one of the Telegram channels reported that the attackers took possession of a full dump of the database network of electronic money exchangers. According to the channel, they are trying to sell a dump containing logins, names, addresses, partially decrypted passwords of user ID-wallets, card numbers and their balance for 50 thousand dollars.

According to Yandex Representatives, all information was taken from a third-party server through which users exchanged funds. As a result of verification, Yandex found out that a private website was hacked.

It’s important to note that scammers will not be able to use payment information, since all transactions require a number of actions confirming the operation.

"All wallet transactions require a payment password, card transactions also require 3Ds confirmation, but in any case, we will reissue all cards whose details have been made public," the company said.

QIWI Technical Director Kirill Ermakov told that the leak does not relate to the compromise of QIWI databases and does not pose a threat to users.

"The data of third-party services that are not related to QIWI were leaked. We take the protection of personal data of our customers very seriously and constantly inform customers that they can not leave their personal data and data to enter your personal account on third-party resources," he said.

Last week, hackers posted information about the sale of data cards of customers of Sberbank. The authors of the announcement stated that their database contains 60 million entries. Initially, the Bank confirmed that the data of 200 customers had leaked, but later Sberbank admitted that the leak affected 5 thousand customers. According to the credit institution, their data is safe. Sberbank found a suspect in the leak, he was an employee of the Bank.

The data of almost 9 million customers of Russian mobile operator Beeline was in the public domain


The database of 8.7 million former and current Beeline mobile customers was in the public domain. The test showed that the data is relevant. This database contains data of customers who connected Beeline home Internet. According to the press service of the mobile operator reported that the data leak was recorded in 2017, and the perpetrators were identified. Beeline assured that now most of the information is outdated data.

According to experts, the information in the database is enough for attacks using social engineering methods, and there are still no ways to deal with fraudsters of this kind.

According to the Beeline press service, the company immediately established an operational headquarters to investigate the situation.

"Part of the information in the distributed archive does contain the data of the subscriber base of customers, however, a significant part of the information is outdated and irrelevant," the company said.

They also noted that Beeline’s customer base at the end of the second quarter of 2019 was 2.5 million subscribers, and not eight million, as attackers say.

The company assured that they are making every effort to ensure that this does not happen again.

"We appealed to all file-sharing resources where information about customers was posted. Many of them immediately agreed to remove it," Beeline said.

It is noted that the criminals are trying to re-publish the data, which indicates their desire to discredit the company.

"Our security service is investigating this incident, we will be grateful for any information that will help this work, both from our customers and from colleagues in the market," the press service said.

It also reported that the company is working closely with the competent authorities and agencies to prevent the disclosure of personal data not only of its customers, but also customers of all Telecom operators.

The company assures that outsiders do not have the opportunity to carry out transactions with the accounts and tariffs of their customers.

SGS Servers Compromised In a Data Leak; Customers in Jeopardy!



Firms including MG Motors, Shell India and Daimler India commercial vehicles got in jeopardy as the servers of SGS Group got compromised.

The private data saved on those servers was up for sale for a mere amount of $10,000 on ‘Dark Web’ or on the private internet forums.

Per sources, the data includes quality reports of the few very prominent oil and gas firms and truck manufacturers.

The firm in question mentioned that the leak’s been plugged, the anomalies have also been corrected and all the possible measures have been taken. Also the clients have been informed.

The firm’s Korean division which contains over 6,000 reports and French division were also under attack outing thousands of user data and test reports of its clients.

SGS servers are probably going to have quite a financial impact for its clients and customers.

“The SGS company servers have laid bare legitimate reports and it’s bound to have serious implications as hackers have all the access to the kind of files on the DarkWeb”, said J Prasanna, CEO, Cyber Security and Privacy Foundation Pte Ltd, Singapore.

According to him the situation clearly points to the actual storage devices being compromised.

The concerned firms were questioned about the damage to which Shell replied that they are strongly focused on ensuring high standards for its customers.

Facebook exposes 400 million user phone numbers


Security researchers have found a trove of more than 400 million Facebook users containing phone numbers on an unprotected server.

TechCrunch found a database on a server without any protection or encryption, meaning anyone could have found and accessed the database of users.

The database include 419 million records included unique Facebook IDs and the phone number listed on the account. Some also included the user's birth date, location and gender.

"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the statement said.

"The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on April 4th 2018 by Facebook's Chief Technology Officer."



Data of almost all employees of Russian Railways were publicly available


The personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available. A few hours later, the site administrator who published the data closed access to it, but this did not prevent their further distribution. The Russian Railways announced the beginning of the inspection.

Note that according to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people, thus, in the public domain were full names, addresses, Individual insurance account number (SNILS), phones and even photos of 96% of employees.

However, the representative of Russian Railways assured that the personal data of the passengers were not stolen: "The Ticket Sales System has the protection of personal data of a high degree of reliability.”

The founder and technical director of the company DeviceLock, specializing in the prevention of data leakage from corporate computers, Ashot Hovhannisyan on Tuesday, August 27, reported in his Telegram-channel "Information Leak" and in his blog on the Habr.com that unknown posted in open access personal data of 703 thousand people. At the same time, the attackers added a note to the publication: Thanks to Russian Railways for the information provided by careful handling of personal data of its employees."

The data of Russian Railways employees was published on the website infach[.]me under the title "Slaves of the Railways". At the moment, the website doesn’t work. The infach[.]me domain was registered in February 2018, it allowed users to anonymously publish personal data of other people.

According to the results of the first inspection of the Russian Railways, it became known that the data of the company's employees got into open access after hacking the system. According to one version, cybercriminals hacked servers on which the Personnel Department stored complete information about its employees, including their names, surnames, SNILS, mobile phones, tax identification number. According to another version, attackers hacked the database of the Corporate University of Russian Railways, where almost all employees study. The company said that the incident is an attempt to discredit, but its purpose is still unknown.

It should be noted that the day before also became known about the leakage of data of hundreds of Russians, presumably through the Russian System for Operative Investigative Activities (SORM), with which the security services can read the correspondence of citizens.

Instagram Users Fall Victim To yet another Phishing Campaign



Instagram user's become victims of a new phishing campaign that utilizes login attempt warnings combined with what resembles the two-factor authentication (2FA) codes to trick potential victims into surrendering over their sensitive data by means of fake sites.

It is believed that they use the 2FA to make the scam increasingly 'believable' and  alongside this they resort to phishing with the assistance of a wide scope of social engineering techniques, just as messages intended to seem as though they're sent by somebody they know or an authentic association.

Here, particularly the attackers utilize fake Instagram login alerts stating that somebody tried to sign in to the target's account, and thusly requesting that they affirm their identity by means of a sign-in page linked within the message.

In order to abstain from raising any suspicions these messages are intended to look as close as conceivable to what official messages might appear coming from Instagram.

Once on the target is redirected to the phisher's landing page, they see a perfectly cloned Instagram login page verified with a legitimate HTTPS certificate and displaying a green padlock to ease any questions regarding whether it's the genuine one or not.


To avoid from falling for an Instagram phishing trick like this one, the users are prescribed to never enter their sign-in certifications if the page requesting that they sign in does not belong to the instagram.com site.

Anyway in the event that the user has had their Instagram credentials stolen in such an attack or had their account hacked but in some way or another can still access it, at that point they should initially check if their right email address and phone number are still associated with the account.

Following this they it is advised that they change the account's password by adhering to specific guidelines given by Instagram.

Be that as it may, assuming unfortunately, that the user has lost access to their account after it being hacked, they can utilize these guidelines or instructions to report the incident to Instagram's security, which will then accordingly re-establish it subsequent to confirming the user's identity through a picture or the email address or phone number you signed up with and the type of device you used at the time of sign up."

A Web Privacy Research Group Discovers Data Breaches In Two Indian Fintech Startups




Data breaches in two Indian fintech start-ups — Credit Fair and Chqbook were recently discovered by a web privacy research group called vpnMentor. While the former start-up has all to deal with online shopping credit to customers the latter is a finance marketplace which associates customers to credit cards, and personal loans providers.

The research group's team found that "both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.”

With regards to Chqbook, the research group 'claimed' to have accessed 67 GB of user information including sensitive data, like the user's telephone number, address , email, Credit card number, expiry date, transaction history, plain text passwords, gender, income and employment profile among other fields.

However, Vipul Sharma the founder of Chqbook denied the research group's claim that 67 GB of user data was comprised, rather he said that 'Chqbook does not have that much volume of data.'

In the case of Credit Fair, the research group said it was able to extract 44K user records containing fields, like phone number, detailed information of their loan applications, PAN number, IP address, session tokens, Aadhaar number, and more.

The 'lending company' as of now has still not fixed the issue as per the research group's post of July 31.

This is however not the first case of data breach in Indian start-ups, numerous well-known start-ups across various sectors have experienced at least one situation of data breach. Some recent ones include: Truecaller, Justdial, EarlySalary, Ixigo, FreshMenu, and Zomato.

Hence keeping in mind the ever expanding number of data breaches in the nation, the Indian government has begun observing the situation with a much serious eye that too at a policy level and in July, an high-level panel headed by Justice B.N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad.

Hopefully the Government's stance on requiring every single sensitive information of Indian users to be put away or stored locally to guarantee that the information is easily auditable will be viable this time.

Capital One Data Breach, Hacker gets Access to 100 Million Accounts


A massive data breach to Capital One servers compromised the personal details of an estimated 106 million bank customers and applicants across Canada and the US.

The suspected hacker, Paige Thompson, 33, has been arrested by FBI on Monday. She has shared details about the data breach on a GitHub page earlier in April, according to the criminal complaints.

Thompson broke into a Capital One server and illegally acquired access to customers' names, addresses, credit limit, contact numbers, balances, credit score, and other related data.

According to the documents, the 33-year-old, Seattle resident gained access to 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers.

Thompson who had previously worked with Amazon Web Services as a software engineer was able to access the data by exploiting a misconfigured web application firewall in company's infrastructure, as per a court filing.

Despite the magnitude of the breach, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company told.

Expressing concern over the matter, Chairman Richard Fairbank, said, "While I am grateful that he perpetrator has been aught, I am deeply sorry for what has happened.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," he assured.

Meanwhile, the company is notifying the victims and aiding them with identity protection and free credit monitoring.



Researchers found Third-Party costs the Healthcare Industry $23.7 Billion a Year






The average cost of a data breach has increased to 12% over the past five years to US$3.92 million, according to a report sponsored by tech giant IBM.

The report released by Censinet and the Ponemon Institute which was funded by IBM, conducted research on more than 500 companies around the world that suffered a breach over the past year.

According to the report, 72 percent of respondents believe that the increasing dependence on third party medical devices to the network is most risky, while 68 percent say connecting medical devices to the internet increases the risk of cyberattack. 

“This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management,” said Ed Gaudet, CEO, and founder of Censinet. “The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect.”

In India, on an average, 35,636 records were compromised in a data breach, and cost ₹12.8 crore to organizations from July 2018 and April 2019,


“It’s clear that healthcare providers are in a tough spot. The number of vendors they rely on is increasing at the same time the threats those vendors pose are escalating in frequency and severity, so it’s easy to see how managing these risks has become an overwhelming problem,” said Dr. Ponemon, chairman and founder of the Ponemon Institute. “But it’s not all bad news – we can very clearly see an opportunity with automation for healthcare providers to monitor, measure, and mitigate the scourge of third-party breaches that continues to plague their industry.”

Equifax Paying Settlement around $700 Million after Massive Data Breach


Almost two years ago, Equifax suffered a massive data breach which exposed a significant amount of sensitive data of over 143 million Americans, the compromised information included that of driving licenses, social security numbers, and addresses of the victims. 

It has been uncovered by The Wall Street Journal and The New York Times that the consumer credit reporting agency is closing in on a settlement with FTC, state attorneys general, Consumer Financial Protection Bureau along with state and federal agencies. Equifax could settle up with $650 to $700 million, out of which it has put aside $690 million for the purpose of penalty. 

As per the media findings, the amount is expected to differ on the basis of the number of people filing claims and the details of the same will be released on Monday.

Notably, the settlement entails terms to devise a separate fund for the purpose of settlement, however, the amount victim's could expect in compensation is still a matter of question.

Commenting on the matter, Equifax CEO, Richard Smith, said, “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” as he decided to retire in the wake of the cyberattack. 



Logins and passwords of users of the Russian online store Ozon leaked to the Internet


The database including more than 450 thousand e-mail addresses and user passwords from accounts of the Russian online store Ozon was found on one of the sites that collect data leaks.

According to journalists, the leak occurred six months ago, but the company did not declare it. The found database combines two other bases, the originals of which were found on one of the hacker forums in November 2018.

As it turned out, a massive data leak could occur in three cases: data theft by an Ozon employee, an attack by a hacker who got inside the organization, or an incorrectly configured external server that opened unauthorized access to the database to anyone.

It is interesting to note that in 450 thousand of published logins and passwords, the number of data belonging to users of the company does not exceed a few percents.

"At the same time, most of the discovered accounts are inactive, that is, they have not been used for a long time," the company said.

Ozon explained that after the leak became known, compromised passwords were reset, and users were notified of the incident.

The official representative of Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology and Mass Media) Vadim Ampelonsky said that Roskomnadzor intends to obtain explanations from the online store Ozon due to the leakage of user data.

Ampelonsky noted that Roskomnadzor is concerned about the actions of Ozon under the circumstances, as the online store did not notify in a timely manner about this situation, which threatened the safety of customers.

According to the official representative of Roskomnadzor, the e-mail address and password not only allows access to the user's account, but also allows to collect personal information and to act on his behalf.

The press Secretary of Roskomnadzor said that at the moment Russian laws do not oblige to notify the Supervisory authority about leaks, but now the relevant regulatory documents are being developed.

One Plus found leaking user data

Chinese smartphone brand OnePlus has been reportedly leaking data of OnePlus phone users for years. According to a report by 9to5 Google, OnePlus has been ‘unknowingly’ leaking crucial personal information of its users publicly for quite a considerable amount of time and it is only when the major security flaw was pointed out to the company recently that it has started to investigate. Here is everything you must know about this breach in privacy.
According to the report, OnePlus has been leaking names and email addresses of hundreds of its users, through the ‘Shot on OnePlus’ application that allegedly carries a security flaw. The app offers you a place to upload photos taken by your OnePlus device to be featured as wallpapers by OnePlus users globally.
As the name suggests, ‘Shot on OnePlus’ allows users to upload their photos from the phone or from a website (for which they need to be logged in to the OnePlus account) and set user-submitted photos as their wallpaper. Users can also adjust their profile, including their name, country, and email address from the app and the website. OnePlus chooses one photo every day to feature in the app and on the website. According to 9to5Google, the API OnePlus used to make a link between their server and the app was “fairly easy to access” despite carrying private information about users. It said anyone with an access token could “do most actions” with the API. An API, or Application Programming Interface, is a software intermediary that allows two applications to talk to each other.

9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.

The leak was reported taking place because of a flaw which was communicated to the company in early May but hasn’t been completely patched despite a fix being rolled out.

Data Leakage in the Federal portal of public services exposes the personal data of millions of Russians

Details of passport, social security number and employment data of 2.24 million Russian citizens were publicly available. Ivan Begtin, the Chairman of the Data Markets Association was discovered this leak. He analyzed the information of the largest Russian electronic trading platforms, where commercial purchases and public procurement are placed, and where important data was publicly available.

Begtin checked 562 thousand records of ZakazRF, 550 thousand records of RTS-tender, as well as records of Sberbank AST and other major Russian electronic trading platforms. Confidential information was in the public domain on each of the websites.

According to the Chairman of the Data Markets Association, the error occurred due to the illiteracy of developers and inaccuracies in the legislation. In his opinion, decisions on approval of major transactions should be published in the public domain by law. These documents often contain personal data. Second, the electronic signature that customers and suppliers use contains data about the name, e-mail and social security number.

Konstantin Bochkarev, the legal advisor of CMS, said that the disclosure of passport data may result in criminal liability for violation of privacy. According to him, there were examples when the phone number was recognized as a personal or family secret in practice of the Moscow city court.

Experts believe that the developers have violated the law "On personal data". The data can be removed by Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor) on the request of an individual or media reports.

At the moment, Roskomnadzor has already sent to the electronic trading platforms requests for the disclosure of personal data of more than 2 million bidders.

It is interesting to note that Google said in December that the data of 52.5 million people started to be publicly available due to an error in the Google+ service. Applications independently requested data on age, name and e-mail. The company assured that the card data and other personal data were not available to the application.

Data breach at University Of Alaska exposes personal information of students online



A Data breach incident at the University of Alaska  has compromised the personal information of students and other individuals. The university allegedly faced online data breach to its database which exposed several sensitive informations including personal information of teachers and other officials. The news came out in public after university disclosed the incident notice on their website.

In February 2018, some of the users of University’s website reported change of passwords and unauthorised access to their accounts, the University of Alaska started the investigation and later found out that their have been several incidences of data breach, exposing various personal informations of users.

According to an university investigating official “On or around March 28, 2018, the investigation determined that an unauthorized user also may have accessed certain email accounts between January 31, 2018, and February 15, 2018.”, he further added, “It may include an individual’s name, government issued identification number, date of birth, digital signature, driver’s license number, usernames and/or passwords, financial account numbers, health and/or health insurance information, passport number, and UA student identification number. For certain individuals, Social Security number may also have been present in the affected email accounts.”

After discovering the data breach incident, the University took action to prevent further damage, they took external experts to handle the investigation and are determined to find out the extent of the damage, They don’t have specific number of users affected by the incident.

There has been similar data breach incident earlier this month at Georgia Institute of Technology. Allegedly in the incident millions of records containing information of students and staff were exposed online.

Docker Hub hack leaked sensitive data of 190,000 users




An unauthorized access to a database was discovered by the Docker Hub that exposed sensitive data of more than 190,000 account holders. 

The exposed informations include username, hashed passwords, tokens for GitHub and Bitbucket repositories.

The company started emailing its customers about the security breach soon after the breach took place. However, it is unclear how hackers got a hold over a single database.

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Docker is recommending all  its users to change their password. All the impacted accounts GitHub tokens and access keys, so the user’s with auto builds are impacted.

Docker hub is the cloud repository of images created by users, and it could be downloaded by other users or images created by other communities.

“We are enhancing our overall security processes and reviewing our policies. Additional monitoring tools are now in place. Our investigation is still ongoing, and we will share more information as it becomes available,” reads breach report. 


Docker Hub hack exposes sensitive data of 190,000 users

                                                                   

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase.

This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds.

GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third-party gains access to these tokens, though, it would allow them to gain access to a private repositories code and possibly modify it depending on the permissions stored in the token.

Docker Hub lost keys and tokens which could have downstream effects if hackers used them to access source code at big companies.

Docker Hub is the official repository for Docker container images. It makes software tools for programmers and developers.

According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019.

Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected.

Aadhar Data of More Than 2 Crore Punjab Residents Found on Hard Disks



The ongoing investigation by The Special Investigation Team (SIT) on the Aadhaar data theft of around 7.82 crore people residing in Telangana and Andra Pradesh has led to the discovery of a hard disk containing the Aadhaar data of 2 crore Punjab residents, as per The Tribune reporting.

The hard disk containing data has been recovered from a Hyderabad based IT company, It Grids (India) Pvt Ltd and consequently it has been registered for unlawfully possessing the Aadhaar data of 7.8 crore residents and exploiting the same. The company is also known for building the official TDP app, "Seva Mitra".

With the further discovery of 2 crore Aadhaar data records, the breach which initially estimated around 7.8 crores, went up to 9.8 crores. The investigating agency is looking into the obvious question which arises— why would a Hyderabad based IT company want to store Aadhaar data of Punjab residents? Notably, the Unique Identification Authority of India (UIDAI) has already reasserted the secure condition of its data servers. Though UIDAI  stood strong for the security of its servers, Police seemed to have contrasting opinions and filed a case where the theft of Aadhaar data has been proven scientifically.

Defending their stand, “Mere possession and storage of Aadhaar numbers of people, though it maybe an offense under the Aadhaar Act under some circumstances, does not put the Aadhaar holders under any harm in any manner whatsoever. For accessing any Aadhaar-based service, biometrics or one-time password (OTP) is also needed,” the UIDAI said.

Hacker uploads about 1 billion user data in 2 months

A serial hacker who goes by the name of Gnosticplayers has released another 65.5 million records of users last week taking his grand total of 932 million records overall, with the consequences of the data pool as yet unknown. Since mid-February, Gnosticplayers has been putting batches of hacked data on Dream Market, which is a dark web marketplace for selling illegal products like hacking tools guns and drugs.

"The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations," the ZDNet reported late on Monday. The names of big companies that were hit included UnderArmor, 500px, ShareThis, MyHeritage and GfyCat. The releases have been grouped in four rounds -- Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).

"Last week, the hacker notified ZDNet about his latest release -- Round 5 -- containing the data of 65.5 million users, which the hacker claims to have been taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked," the report added.

Earlier in March, the serial hacker stole and posted personal data of close to 843 million users of various popular websites. The companies impacted include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak and Youthmanual.

Facebook leaves passwords unencrypted



Facebook said there is no evidence its employees abused access to this data. The company said the passwords were stored on internal company servers, where no outsiders could access them. However, privacy experts suggested that users change their passwords.

The security slip left the passwords readable by the social networking giant's employees.

The issue was first reported by security researcher Brian Krebs, who published a blog post-Thursday detailing that Facebook employees built applications that captured the passwords of users and stored them as plain text, meaning a password would be readable just the same as it is entered to log in.

The blunder was uncovered during a routine security review early this year, according to Canahuati.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."

Most companies encrypt passwords to prevent them from being stolen in the event of a data breach or used for nefarious purposes by company employees.

The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.3 billion users worldwide.

By storing passwords in readable plain text, Facebook violated fundamental computer-security practices. Those call for organizations and websites to save passwords in a scrambled form that makes it almost impossible to recover the original text. The blunder was uncovered during a routine security review early this year, according to Canahuati. 

Citrix Discloses Data Breach By International Cyber Criminals


An enormous data breach by "international cyber criminals" of the famous enterprise software company Citrix was unveiled a weekend ago, reporting the breach of its internal network.

The software company which is known to provide its services, especially to the U.S. military, the FBI, numerous U.S. organizations, and different U.S. government offices was cautioned by the FBI of foreign hackers compromising its IT systems and sneak "business documents," likewise including that the company did not know exactly which records and documents the hackers acquired nor how they even got in, in the first place.

In a blog post Citrix says that, “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security...”
"Password spraying” is an attack where the attackers surmise weak passwords to pick up an early toehold in the company's system in order to launch more extensive attacks.

The enormous data breach at Citrix has been distinguished as a part of "a sophisticated cyber espionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of the economy," said Rescurity, an infosec firm in a blog post.

The researchers at Resecurity shed all the more light on the episode when Citrix refused to disclose the numerous insights regarding the breach, guaranteeing that it had prior cautioned the Feds and Citrix about the "targeted attack and data breach."

In spite of the fact that Resecurity says that the Iranian-backed IRIDIUM hacker group hit Citrix in December a year ago and yet again on Monday i.e. the 4th of March and purportedly stole approximately 6 terabytes of sensitive internal files including messages, emails, blueprints and various other documents as well.

While this Florida-based company focused on the fact that there was no sign that the hackers bargained any Citrix product or service, and that it propelled a "forensic investigation," procured the best cyber security company, and took "actions" to skilfully secure its internal network.


Since the consequences of the Citrix 'security incident' are grave and they could influence a more extensive scope of targets, as the company holds sensitive data on other companies as well, including critical infrastructure, government and enterprises, therefore,  strict measures will be thusly taken to secure it inside-out.