Stratfor Archives - Page 3 of 3 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Stratfor’

Hackers Release More Information from STRATFOR

Members of Anonymous published data on almost a million people.

View full post on eSecurityPlanet RSS Feed

View full post on National Cyber Security

Data leaks at Stratfor and Care2 mark the end of a year riddled with data theft

Was 2011 the year of the data leak? Could be, but it is hard to tell.

From my vantage point writing daily about the most important stories in information security, data theft may not have been the most important story of 2011, but it certainly impacted more regular people and raised their awareness about the problem of all of their data being “in the cloud”.

I shared my thoughts on this today with John Moe on Marketplace Tech Report from American Public Media in the United States.

You can listen to my thoughts on 2011 alongside John Moe, Jonathan Zittrain, Susan Crawford and Danah Boyd in this four-minute podcast.


(30 December 2011, duration 4:00 minutes, size 1.9 MBytes)

While Anonymous/LulzSec dominated the data breach headlines, what became clear was that more and more organizations are collecting data about us and doing a poor job of protecting that information.

Compliance rules like HIPAA/HITECH, PCI and others are not really having their intended impact, as health records, credit cards, passwords, birth dates and more were all stored insecurely on often woefully unpatched systems.

The number of records stolen was enormous. Sony alone was hacked more than 20 times and lost over 100 million records.

The bulk email marketing company Epsilon leaked names and email addresses from some of the world’s most trusted brands like Best Buy, Marks &amp; Spencer, Marriott Rewards, Walgreens and Chase Bank.

South Korean social media users were hit hard when Cyworld and Nate were compromised (both owned by SK Communications) and hackers made off with more than 35 million records.

Like video games that aren’t related to Sony? Chances are your data was leaked when the Steam user forums were breached or when Square Enix was hit twice in 2011.

Citibank credit card users had card information compromised, affecting more than 200,000 people, as well as customers of handmade cosmetics company Lush.

Of course the biggest story at the end of 2011, wrapping up the year of unsecured data, has been the attack Anonymous made on Stratfor.

Stratfor, a company focused on security intelligence services, was attacked by Anonymous who have allegedly acquired 75,000 addresses, credit cards and names of their customers and then posted them publicly.

Sadly it seems companies still aren’t learning the lesson of protecting their customers’ information, even after all of these headlines and millions of dollars in lost reputation to the companies involved.

It was brought to my attention that Care2.com’s website was hacked, revealing usernames and passwords for the site’s nearly 18 million users.

Naked Security reader Bob emailed us to point out that Care2 is storing passwords insecurely.

Rather than storing passwords as a salted cryptographic hash, which would not reveal their customers’ passwords if stolen (or would make it much more difficult), they are storing them either in plaintext or in a reversible format.

According to the company’s own FAQ about the data breach:

“Q. What can I do to recover my password?
A. Visit http://www.care2.com/retrieve_password Enter your user name or email address in the green box titled “Forgot your password or log-in name?” Your password will be emailed to you.”

Really!? After the attackers made off with all of your customer information, you are still following the same insecure practices that put your customers’ information at risk in the first place?
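The difference between the storage schemes described above, as an added example (not code from the original article, Care2 or Stratfor): a fast unsalted hash (MD5 is used for illustration) gives identical digests for identical passwords, while a salted, slow hash does not. The account names, passwords, function names and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def unsalted_md5(password: str) -> str:
    """Weak scheme: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def new_record(password: str) -> dict:
    """Store only a random per-user salt and the derived key, never the password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "key": key, "iterations": ITERATIONS}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the key from the login attempt and compare in constant time."""
    key = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(key, record["key"])


def shared_digests(table: dict) -> dict:
    """Group users by stored digest; a group of two or more exposes a shared password."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}


# Constructed sample accounts (not taken from any real data set)
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    md5_table = {u: unsalted_md5(p) for u, p in SAMPLE.items()}
    salted = {u: new_record(p) for u, p in SAMPLE.items()}
    salted_table = {u: r["key"].hex() for u, r in salted.items()}
    print("unsalted MD5, users sharing a digest:", list(shared_digests(md5_table).values()))
    print("salted PBKDF2, users sharing a digest:", list(shared_digests(salted_table).values()))
    print("correct login accepted:", verify(salted["alice"], "correct horse"))
    print("wrong login accepted:", verify(salted["alice"], "tr0ub4dor"))
```

Because only the salt and derived key are stored, a site using this scheme cannot email a forgotten password back; account recovery has to be a reset.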

Where does this leave us? Think carefully about who you share personal information with, and before doing so carefully weigh whether they need that information or not.

And for the sake of all of your digital presence, use unique passwords for every site you access. There are great tools to help you, like KeePass or LastPass.

To quote American folk singer Pete Seeger “When will they ever learn? When will they ever learn?”.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/EPSGCzCuLcU/


Hacking group releases more Stratfor subscriber data

IDG News Service - Hackers released another batch of data on Thursday pilfered from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend.

The data purports to be the names and credit-card numbers of people who have purchased research from Stratfor plus hundreds of thousands of user names and e-mail addresses used to register with the website.

The hackers, believed to be part of the Anonymous movement, described the data on Pastebin, then provided several links to websites hosting the information. They noted that some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

The data comprises 75,000 names, credit card numbers and MD5 hashes, or cryptographic representations, of passwords for people who have paid Stratfor for research. The group also said the data contains 860,000 user names, e-mail addresses and MD5 hashes for passwords for anyone who has registered on Stratfor’s website.

Stratfor said on Thursday that it was offering a free one-year subscription to an identity protection service to those affected.

Stratfor’s CEO, George Friedman, wrote on the company’s Facebook page on Monday that the intrusion revealed the names of some corporate subscribers along with personal and credit card data.

A first batch of data was released by hackers shortly after the breach. Stratfor denied the hackers’ claim that the data was a list of “private clients,” saying it was rather a list of members who may have purchased a publication.

Barrett Brown, a de facto spokesman for Anonymous, wrote on Pastebin on Monday that the hacking wasn’t aimed at stealing credit card numbers but rather 2.7 million internal e-mails.

“This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,” Brown wrote. “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Those e-mails have yet to be released and could present another headache for Stratfor. The company’s website was still down as of Friday, and officials could not be immediately reached by phone.

Send news tips and comments to jeremy_kirk@idg.com

Article source: http://rss.computerworld.com/~r/computerworld/s/feed/topic/17/~3/RXQPfTrXmNk/Hacking_group_releases_more_Stratfor_subscriber_data


Stratfor Says Hackers Only Nabbed Credit Card Information

After hackers broke into its website on Dec. 24, Stratfor has partnered with an identity protection service in an effort to give subscribers some measure of comfort. The company will offer its members 12 months of global identity protection for free.

View full post on credit card fraud – Yahoo! News Search Results


Stratfor Taps CSID To Protect Identities Breached In Cyberattack

Attacks resulted in the unauthorized disclosure of personal information

View full post on cyber security alerts – Yahoo! News Search Results


Security intelligence firm Stratfor investigates hacktivist attack

A hacktivist group claims it stole credit card data from organizations that purchased the intelligence firm’s publications.


View full post on SearchSecurity: Security Wire Daily News


STRATFOR Hacked

Approximately 200 GB of sensitive information, including credit card data, was stolen.

View full post on eSecurityPlanet RSS Feed


Stratfor cyberattack adds an exclamation point to ‘Year of the Hack’

Don’t be too surprised if historians look back at 2011 and dub it “The Year of the Hack.” If so, it won’t likely be due to raw numbers of computer networks infiltrated or websites defaced, but rather the fact that cyberspies, criminals, and hacktivists finally registered as a major threat in the public mind and with news media.

View full post on germany cyber attack – Yahoo! News Search Results


Anonymous claims to hack US security firm Stratfor

Online “hacktivist” group Anonymous claimed Sunday it had stolen a trove of emails and credit card information from US-based security firm Stratfor’s clients, and vowed additional attacks.

View full post on anonymous hacker – Yahoo! News Search Results


Stratfor hacked by Anonymous Hackers for #AntiSec

Article source: http://feedproxy.google.com/~r/TheHackersNews/~3/d3NMZ_CIWrg/stratfor-hacked-by-anonymous-hackers.html
