Search Results for “CNN”


October 6, 2019
Kevin Collier / CNN

Kevin Collier / CNN  
Attempted Hack Into Voting Mobile App Voatz in West Virginia May Have Been University of Michigan Student’s Attempt to Research Security Vulnerabilities

An attempted hack into a mobile voting app called Voatz used in West Virginia during the 2018 midterm elections may have been by an attempt by a student as a part of a University of Michigan election security course to research security vulnerabilities rather than an attempt to alter any votes, three people familiar with the matter told CNN. The app has been used in the state since 2018 to allow overseas and military voters to vote via smartphone. Mike Stuart, the US attorney for the Southern District of West Virginia, revealed at a press conference last week that an FBI investigation “is currently ongoing.” The office of West Virginia Secretary of State Mac Warner had previously communicated to Stuart that suspicious activity against the Voatz app came from IP addresses associated with the University of Michigan, a person familiar with the matter said. West Virginia is the only state that currently uses the Voatz system.

Related: The Register

Tweets:@kevincollier @donie @jasonleopold @weldpond @joebeone


October 1, 2019
Christina Maxouris and Konstantin Toropin / CNN

Christina Maxouris and Konstantin Toropin / CNN  
Former Yahoo Software Engineer Pleads Guilty to Hacking 6,000 Yahoo Accounts, Including Those of Friends and Work Colleagues, Searching for Sexual Images and Videos

The US Attorney’s office in the Northern District of California said that a former Yahoo software engineer, Reyes Daniel Ruiz, pleaded guilty to hacking thousands of Yahoo users’ accounts and searching for private records. Ruiz was mostly interested in sexual images and videos of the account holders and admitted using the access he had to hack into about 6,000 Yahoo accounts, targeting younger women, including his personal friends, and work colleagues. Once he gained access to the Yahoo accounts, Ruiz compromised the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. He made copies of pictures and videos that he found and stored them at home. Ruiz was charged with one count of computer intrusion and one count of interception of a wire communication, but under the plea agreement pleaded guilty to just the computer intrusion charge. Ruiz has been released on a $200,000 bond and faces a sentencing hearing scheduled for February 3, 2020.

September 19, 2019
Samantha Murphy Kelly / CNN

Samantha Murphy Kelly / CNN  
Facebook Launches $149 Portal TV Product With Camera and Smart Speaker Amid Privacy Backlash, Confirms Human Contractors Will Listen to Interactions

Embroiled in endless controversies over its privacy practices, Facebook announced it would take the concept of its Portal Product, a smart speaker with a screen, a step further with Portal TV, a $140 small black camera that can be clipped onto the top of users’ TVs or sit below them on a stand much like Roku or Apple TV. Despite marketing the device as “private by design,” Facebook confirmed that it may have contractors listen to recordings of user interactions with Portal TV and its other Portal devices, beginning when the wake word “Hey Portal” is spoken, in order to “improve the accuracy of voice services for everyone,” Andrew Bosworth, Facebook’s vice president of AR and VR, said the human reviews will be conducted by “trained vendors under very secure environments” and that users who are uncomfortable with this prospect can opt-out. Facebook also announced a redesigned 10-inch Portal at a reduced price ($179) and an 8-inch Portal Mini ($129).

Related: Vox, CNET, Futurism, San Francisco Chronicle, AP Breaking News, WRAL Tech Wire, AP Breaking News, channelnews, Popular Science, The Mac Observer, TechCrunch, Daily Mail, Quartz, Android Central, Investor’s Business Daily, MacRumorsBGR, Trusted Reviews, Android Police, Ubergizmo, Engadget, Wired, Facebook, The Verge, The Telegraph

Tweets:@dhh @mrjabbott @iansherr @rycrist @stevekovach

Vox: The techlash isn’t big enough to stop Facebook from selling video chat devices for your living room
CNET: Facebook Portal would be great for my kid, but then I have to trust Facebook
Futurism: Facebook: Actually, We Do Listen to You Sometimes
San Francisco Chronicle: Facebook slashes price, size of Portal video calling device
AP Breaking News: Facebook slashes price, size of Portal video call gadget
WRAL Tech Wire: Facebook cuts price on video call gadget, also offers smaller size
channelnews: New Facebook Portal TV Seen As A Security Risk
Popular Science: Facebook’s new Portal video chat devices are smaller, cheaper, and facing stiffer competition
The Mac Observer: Facebook Launches New Surveillance Devices For Your Home
TechCrunch: Daily Crunch: Facebook announces Portal TV
Daily Mail : Facebook can watch you at home: Firm launches Portal devices that lets users video chat
Quartz: Facebook is launching new Portal smart displays. But why?
Android Central : Facebook’s new Portal TV brings smart video calling to your television
Investor’s Business Daily: Facebook Expands Streaming Wars, Takes A Bite Out Of Roku
MacRumors: Facebook Announces ‘Portal TV’ for Streaming Content and Holding Video Calls
BGR: Facebook’s new Portal TV turns your television into a video chat monitor
Trusted Reviews: Facebook swears Portal devices won’t spy, but will use data for adverts
Android Police: Facebook refreshes Portal family, adds new Mini model and camera-only option for TVs
Ubergizmo: Facebook Unveiled The Portal TV For $149
Engadget: Facebook’s $149 Portal TV turns your television into a giant smart display
Wired: The Facebook Portal Smart Speaker Is Back, Now With More AI
Facebook: Meet the New Portal Family: Smart Video Calling on Your TV and Anywhere in Your Home
The Verge: Facebook introduces Portal TV, a video chat camera accessory for your television
The Telegraph: Facebook Portal security concerns laid bare as company admits humans can listen in

@dhh: Oh great. Facebook Google, et al are spying on you through your smart TV as well. Wouldn't want to miss an opportunity to exploit every waken minute of the day for more data collection. Surveillance capitalism is the fucking worst.
@mrjabbott: If you buy this Facebook Portal TV thing I will never go to your house.
@iansherr: Facebook Portal would be great for my kid, but then I have to trust Facebook
@rycrist: Facebook Portal and your privacy: Here's everything you should think about before buying in. My latest explainer for @CNET
@stevekovach: Very weird $ROKU would fall on Facebook Portal news. Zero indication these devices are selling. Comcast streaming box more of threat since it comes from the company already providing internet to customers.


July 31, 2019
Kevin Collier / CNN

Kevin Collier / CNN  
Other Victims of Capital One Hacker Might Include Vodafone, Infoblox, Ford, Michigan State University and Ohio Transportation Department

Accused Capital One hacker Paige Thompson left a string of clues in a Slack channel called netcrave regarding the other entities she may have hacked in addition to Capital One. Among the other organizations indicated in compressed hacked files in her channel postings were the Ohio Government Department of Transportation, Vodafone, California IT company Infoblox, Ford, and Michigan State University. All five of the organizations say they are investigating the matter but say they haven’t been hacked. At the time of announcing charges against Thompson for the Capital One breach, the Department of Justice said that other charges against her could be in the offing.

Related: Forbes, Brian Krebs, TechCrunch, Canadian Centre For Cyber Security News, Tampa Bay Times, Tech Insider, CPO Magazine, The Mac Observer, The Verge


October 4, 2019
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Microsoft Says ‘Phosphorous’ Threat Group Linked to Iranian Government Targeted Unnamed 2020 U.S. Presidential Candidate’s Email Account Along With 2,700 Other Email Accounts

Microsoft said that it has seen a threat group linked to the Iranian government, which it calls Phosphorous but is also known as APT 35, target an unnamed 2020 U.S. presidential candidate. In a 30-day period between August and September of this year, Phosphorous made more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers that are “associated” with a presidential campaign, current and former U.S. government officials, journalists and prominent Iranians living outside the country. Four of the accounts not associated with the U.S. presidential campaign or current and former U.S. government officials were compromised in the effort. The attacks, which Microsoft described as not sophisticated, attempted to use a “significant amount of personal information” to game password reset or account recovery features and try to take over some targeted accounts. Some of the attacks entailed gathering and targeting user phone numbers.

Related: Microsoft, Fifth Domain | Cyber, New York Post, Digital Trends, Algemeiner.com, AOL, Financial Times, The Hill: Cybersecurity, The Hill: Cybersecurity, The Register – Security, MSPoweruser, Gizmodo, The Age, Reuters, Axios , BleepingComputer.com, News : NPR, UPI.com, CNN.com, Slashdot , Haaretz.com, Jerusalem Post, Channel News Asia, Arutz Sheva News, News.com.au, CNBC, News.com.au, AP Breaking News,NBC News Top Stories, VentureBeat, USA Today, RT News, CTVNews.ca, TribLIVE, Star TribuneEngadget, PCMag.com, WashingtonExaminer.com, ZDNet, Bloomberg Politics, Al Jazeera English, CNET News, CNN.com, New York Times – Nicole Perlroth, CNET News, Deutsche Welle, Washington Post, Washington Post, ZDNet, The Palm Beach Post, The Age, ZDNet, Stars and Stripes, Windows Central , Law & Disorder – Ars Technica, GeekWire, JNS.org, The Verge, Fortune, TIME, POLITICO, RT News, The Times of Israel, South China Morning Post

Tweets:@Bing_Chris @Olivia_Gazis @W7VOA @tonyromm @adrianweckler @g_ratnam @shanav @jseldin @gregotto @jamestutt @magmill95 @alexwardvox

Microsoft: Recent cyberattacks require us all to be vigilant
Fifth Domain | Cyber: Iran-backed hackers targeted 2020 presidential campaign, says Microsoft
New York Post: Microsoft says Iran plotted cyber attack against US presidential campaign
Digital Trends: Microsoft blames Iran for hacking attempts on U.S. presidential candidates
Algemeiner.com: France Gives One Month to Get Iran-US to Negotiating Table
AOL: Iran-linked hackers tried to compromise presidential campaign, Microsoft says
Financial Times: Microsoft says Iran tried to hack 2020 Democratic campaign
The Register – Security: Iran tried to hack hundreds of politicians, journalists email accounts last month, warns MicrosoftThe Hill: Cybersecurity: Iran-linked group targeted email accounts for US presidential campaign, government officials
MSPoweruser: Microsoft uncovers US election hacking plot by Iranian agencies
Gizmodo: Someone ‘Highly Motivated’ Tried to a Hack 2020 Presidential Campaign, Microsoft Warns
Firstpost: Iranian hackers targeted U.S. presidential campaign, did not succeed – Microsoft
The Age: Iranian hackers targeted US presidential campaign, Microsoft says
Reuters: Iranian hackers targeted U.S. presidential campaign, did not succeed: Microsoft
Axios : Microsoft: Iranian group tried to hack unnamed 2020 candidate, others
BleepingComputer.com: Microsoft Discovers Iranian Hacking Campaign Targeting U.S. Politics
News : NPR: Microsoft Says Iranians Tried To Hack U.S. Presidential Campaign
UPI.com: Microsoft: Iran-linked hacking group has targeted 2020 U.S. campaign
CNN.com: Iranian hackers targeted presidential campaign and US government officials
Slashdot : Microsoft: Iranian Hackers Targeted a 2020 Presidential Campaign
Haaretz.com: Iranian hackers targeted a U.S. presidential campaign, Microsoft says
Jerusalem Post: Microsoft finds Iranian hackers targeted a U.S. presidential campaign
Channel News Asia: Iranian hackers targeted US presidential campaign, did not succeed – Microsoft
Arutz Sheva News: Microsoft: Iran-linked hackers tried to compromise US campaign
News.com.au: Microsoft: Iranian hackers targeted US campaign
CNBC: Microsoft says Iranian hackers targeted presidential campaign, government officials, media
News.com.au: Microsoft: Iranian hackers targeted US campaign
AP Breaking News: Iranian hackers said to target presidential campaign
New York Times : Iranian Hackers Targeted Presidential Campaign, Microsoft Says
NBC News Top Stories: Iran-linked hackers tried to compromise presidential campaign, Microsoft says
VentureBeat: Microsoft: Hackers linked to Iran targeted U.S. presidential candidate
USA Today: Microsoft: Iran government-linked hacker targeted 2020 presidential campaign
RT News: Iranian govt-linked op tried to HACK TRUMP 2020 campaign, Reuters sources claim
CTVNews.ca: Iranian hackers said to target U.S. presidential campaign
TribLIVE: Iranian hackers said to target presidential campaign
Star Tribune: Iranian hackers said to target presidential campaign
CNN.com: Iranian hackers targeted presidential campaign and US government officials
Engadget: Microsoft: Iranian cyberattack targeted a US presidential campaign
USA Today: Microsoft: Iran government-linked hacker targeted 2020 presidential campaign
PCMag.com: Microsoft: Iranian Hackers Targeted US Presidential Campaign
WashingtonExaminer.com: Microsoft: Iran-tied group attempted to hack US presidential campaign email accounts
ZDNet: Microsoft: Iranian hackers targeted a 2020 presidential campaign
Bloomberg Politics: Microsoft Says Iran Tried Hack of U.S. Presidential Campaign
Al Jazeera English: Iranian hackers targeted a US presidential campaign: Microsoft
CNET News: Iranian hackers targeted a US presidential campaign, Microsoft says – CNET
CNET News: Iranian hackers targeted a US presidential campaign, Microsoft says – CNET
Deutsche Welle: Hackers target US presidential campaign, Microsoft reports
Washington Post: Iranians tried to hack U.S. presidential campaign in effort that targeted hundreds, Microsoft says
The Palm Beach Post: Iranian hackers said to target presidential campaign
The Age: Iranian hackers targeted US presidential campaign, Microsoft says
ZDNet: Microsoft: Iranian hackers targeted a 2020 presidential campaign
Stars and Stripes: Iran tried to hack US candidates, journalists in effort that targeted hundreds, Microsoft finds
Firstpost: Iranian hackers targeted a U.S. presidential campaign, Microsoft says
Windows Central : Microsoft: Iranian hacking group targeted 2020 presidential campaign
TechCrunch: Microsoft says Iranian hackers targeted a 2020 presidential candidate
Law & Disorder – Ars Technica: Microsoft says Iranian hackers tried to hack a US presidential campaign
GeekWire: Iranian hacker group attacked email accounts tied to a US presidential candidate, Microsoft says
JNS.org: Microsoft: Iran sought to hack US presidential campaign
The Verge: Microsoft says Iranian hacking group targeted a 2020 US presidential candidate
Fortune: How Iran-linked Hackers Tried to Compromise a Presidential Campaign
TIME: Microsoft Says Iranian Hackers Targeted U.S. Presidential Campaign
POLITICO: Iranian hackers targeted 2020 presidential campaign, Microsoft finds
The Times of Israel: Microsoft says Iranian hackers targeted a US presidential campaign
South China Morning Post: Iranian hackers targeted 2020 US presidential campaign, Microsoft finds

@Bing_Chris: "The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran"
@Olivia_Gazis: .@Microsoft says it has detected hackers linked to the Iranian government targeting at least one U.S. presidential campaign:
@W7VOA: Cyber activity from #Iran and linked to that government detected by @Microsoft.
@tonyromm: A campaign linked to the Iranian government attempted to identify, attack and breach email addresses belonging to U.S. presidential campaigns, government officials and journalists, according to new data unveiled by Microsoft
@adrianweckler: Microsoft head of security posts blog saying Iranian govt-backed hackers attacked email accounts of journalists and an unnamed US presidential campaign
@g_ratnam: A group called Phosphorous, believed to be tied to Iran, has targeted 2700 email accounts associated with US presidential campaigns, US officials, journalists and others, per @Microsoft . 241 of those were then attacked.
@shanav: NEW: Microsoft says Iranian APT group Phosphorous, with ties to Iran's government, has worked to get past two-factor authentication and reset passwords for a U.S. presidential campaign, as well as current and former U.S. gov officials and journalists.
@jseldin: "Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them" per @TomBurt45More here:
@gregotto: NEW: Microsoft found an Iranian group going after microsoft email accounts tied to a presidential campaign, current and former gov, and journalists
@jamestutt: Today we are sharing details of significant cyber activity from a threat group we call Phosphorous, believed to originate in Iran with links to the Iranian govt. More here: https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/
@magmill95: Big cyber news today: Microsoft announced that it tracked an Iranian-linked threat group over 30 days attempt to identify and attack consumer email accounts linked to Microsoft customers, including an unnamed U.S. presidential campaign and U.S. officials:
@alexwardvox: .@Microsoft's @TomBurt45 : "Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government."


August 31, 2019
Brian Barrett / Wired

Brian Barrett / Wired  
Anonymous Hacker Compromised Twitter CEO Jack Dorsey’s Account Through SIM Swapping and Tweeted String of Racist Messages, Bomb Threats

An anonymous hacker took over Twitter CEO Jack Dorsey’s account for 20 minutes and used it to send out a string of racist messages and bomb threats. A group that calls itself the “Chuckle Gang,” which has broken into other high-profile Twitter accounts before, apparently broke into the @jack account at 3:45 pm and sent out dozens of tweets and retweets. Other who have been attacked by these hackers blamed so-called SIM swap attacks, with a particular focus on AT&T and Twitter confirmed that Dorsey’s breach was a SIM swap as well. It’s unclear, however, how Dorsey was able to regain access to his account so quickly if the attack was a result of a SIM swap.

Related: Deutsche Welle, Digital Trends, The Hill: CybersecurityAvira Blog, Firstpost, Sydney Morning Herald, Reuters, The Next Web, Tech Insider, Stars and Stripes, PCMag.com, ZDNet, ABC News: U.S., CBC, TribLIVE, Financial Times, Washington Post, SlashGear » security, Stuff.co.nz – Stuff, CNET News, ZDNet, New York Times, CBC, The A.V. Club, BuzzFeed – Tech, Sky News, Mashable, TORONTO STAR, Dark Reading: Attacks/Breaches, USA Today, Social Media Today , Vox, OneZero – Medium, FOX News, The Verge, VentureBeat, Gizmodo, Evening Standard, Daring FireballWindows Central , TechCrunch, Daily Dot, Tech Insider, CBSNews.com, Digital Trends, Heavy.com, Quartz, Neowin, Daily Beast, The Verge, Slashdot, CNET News, CNN.com, Android Central , San Francisco Chronicle, SFist, Axios, Vox, MobileSyrup.com, The Inquisitr News, CCN, AP Breaking News, iAfrikan, TIME, iMore, Memeburn, The Guardian, Android Central , RT USA, Boing BoingAndroid Authority, The Register, CNN.com, San Francisco Chronicle, Quartz, Cybersecurity Insiders, SC Magazine, THE INQUIRER, DataBreachToday.com, THE INQUIRER, iTnews – Security, PCMag.com, Haaretz.com

Deutsche Welle: Twitter CEO Jack Dorsey’s account sent racist tweets after hack
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
The Hill: Cybersecurity: Hillicon Valley: Twitter CEO Jack Dorsey’s account hacked | Google found iPhone security bug | YouTube reportedly to pay up to $200M to settle child privacy investigation | DNC expected to nix Iowa virtual caucus plans
Firstpost: Twitter CEO’s hacked account sends racist tweets before being secured
Sydney Morning Herald: Twitter CEO Jack Dorsey’s account hacked, racist tweets sent
Reuters: Twitter CEO’s hacked account sends racist tweets before being secured
Channel News Asia: Twitter CEO’s hacked account sends racist tweets before being secured
The Next Web: Twitter CEO Jack Dorsey’s account has been hacked
Tech Insider: Twitter CEO Jack Dorsey’s Twitter account was hacked to send out racist tweets with the n-word and phrases like ‘Hitler is innocent’ (TWTR)
Stars and Stripes: Twitter CEO Dorsey’s account sent racist tweets after hack
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
ZDNet: Jack Dorsey’s Twitter account got hacked
ABC News: U.S.: Twitter CEO Dorsey’s account sent racist tweets after hack
CBC: Twitter says CEO’s account sent out racist, vulgar tweets after it was hacked
TribLIVE: Twitter CEO Jack Dorsey hacked; account sent racist tweets
Financial Times: Jack Dorsey’s Twitter account hacked
Washington Post: Twitter co-founder Jack Dorsey’s account hacked
SlashGear » security: Twitter CEO’s @Jack account hacked [Update]
Stuff.co.nz – Stuff: Twitter CEO Jack Dorsey’s account sends racist tweets after hack
CNET News: Jack Dorsey’s Twitter account hacked – CNET
New York Times: Twitter C.E.O. Jack Dorsey’s Account Hacked
The A.V. Club: Someone hacked Jack Dorsey’s Twitter account to say even dumber stuff than usual
BuzzFeed – Tech: Jack Dorsey, The CEO Of Twitter, Was Hacked On Twitter
Sky News: Twitter founder’s account hacked as racist tweets posted
Mashable: Jack Dorsey’s Twitter account hacked to spread pro-Hitler message
TORONTO STAR: Twitter founder Jack Dorsey’s account hacked
Dark Reading: Attacks/Breaches: @jack Got Hacked — Twitter CEO’s Tweets Hijacked
USA Today: Twitter says it is investigating how CEO Jack Dorsey's account was compromised
Social Media Today : Hackers Gain Access to the Twitter Account of Platform CEO Jack Dorsey, Tweet Offensive Content
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
OneZero – Medium: Three Takeaways From the Hack of Jack Dorsey’s Twitter Account
FOX News: Twitter CEO Jack Dorsey’s own account was hacked, used to post vulgar messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
VentureBeat: Twitter is investigating CEO Jack Dorsey’s account being hacked
Gizmodo: Jack Dorsey’s Twitter Account Was Hacked
Evening Standard: Twitter CEO Jack Dorsey's own Twitter account hijacked with series of racist tweets
Daring Fireball: Jack Dorsey’s Twitter Account Was Compromised
Windows Central : Jack Dorsey, Twitter’s CEO, had his account hacked
TechCrunch: A hacker has compromised Jack Dorsey’s Twitter account
Daily Dot: Twitter CEO’s account hacked, retweets pro-Nazi propaganda
Tech Insider: How to delete your Fitbit account and erase your personal data
CBSNews.com: Hackers tweet racial slurs from Twitter CEO Jack Dorsey’s account
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
Heavy.com: Jack Dorsey’s Twitter Account Hacked by ‘Chuckling Squad’
Quartz: Jack Dorsey’s Twitter account got hacked—here’s what we know
Neowin: Twitter CEO, Jack Dorsey, gets account taken over by hackers
Tech Insider: It took Twitter longer to secure Jack Dorsey’s account from hackers than it would for a nuclear missile to travel around the world — and that should terrify you
Daily Beast: Twitter CEO Jack Dorsey’s Account Gets Hacked, Posts Racist Messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
CNN.com: Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
Android Central : How to change your Twitter password and activate two-factor authentication
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
SFist: Hackers Seize Jack Dorsey’s Twitter, Make Bomb Threats, Praise Hitler
Axios: Twitter CEO Jack Dorsey’s account hacked
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
MobileSyrup.com: Twitter CEO Jack Dorsey has been hacked
The Inquisitr News: Twitter CEO Jack Dorsey’s Account Was Hacked
CCN: Jack Dorsey Twitter Hack a Sick Way to Protest Hate Speech
AP Breaking News: Twitter CEO Dorsey’s account sent racist tweets after hack
iAfrikan: Jack Dorsey’s Twitter account hacked
TIME: Twitter CEO Jack Dorsey’s Twitter Account Has Been Hacked
iMore: Worried about getting your Twitter account hacked? Set up 2FA to protect it
Memeburn: Jack Dorsey’s Twitter account has been hacked, yet again
The Guardian: Jack Dorsey: Twitter CEO’s account hacked in embarrassing security lapse
Android Central : Jack Dorsey, Twitter’s CEO, had his account hacked
RT USA: Twitter CEO Jack Dorsey’s account ‘compromised,’ posted racial slurs
Boing Boing: How did Twitter CEO Jack Dorsey’s account get hacked?
Android Authority: Regularly changing your Twitter password is important, as Twitter CEO found out
Tech Insider: What we know about how Twitter CEO Jack Dorsey’s account was hacked, and the group called ‘Chuckling Squad’ who is claiming responsibility
The Register: JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters
CNN.com: Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
Quartz: Hong Kong’s fast-learning, dexterous protesters are stumped by Twitter
Cybersecurity Insiders: Twitter Mobile Security flaw allows hackers to post Racist comments
SC Magazine: Twitter CEO’s account hacked in SIM-swapping scheme | SC Media
THE INQUIRER: Twitter CEO Jack Dorsey gets his Twitter account hacked
DataBreachToday.com: Hey Jack, How Was Your Account Hacked?
iTnews – Security: Twitter CEO’s hacked account sends racist tweets before being secured
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
Haaretz.com: Twitter CEO Jack Dorsey’s account sends out pro-Nazi tweets after being hacked


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times  
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail,DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.comDataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The VergeEvening Standard, EngadgetMarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central , GeekWire, SC Magazine, Techerati, SlashdotABC News: U.S., Graham Cluley, Japan Times,Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.netGadgets Now, Courthouse News Service, BBC News – WorldBleepingComputer.comITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC , Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily BeastGeekWire

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat : Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail : Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central : Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC : Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.


January 3, 2017
Matt Peckham / Time

Matt Peckham / Time  
CNN Uses Fallout 4 Game to Demonstrate How Russians Can Hack Things

The never-ending and oft-embarrassing challenge of depicting the complex world of hacking has a new, much-mocked example in CNN’s use of the mini-hacking game Fallout 4 in an attempt to visually display how Russia might engage in malicious hacking activity.  Fallout 4 owner Bethesda Game Studios took the awkward visual in stride, using it slyly in a tweet to pretend that it will be used in the upcoming season of Mr. Robot.

August 30, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Remote Data Backup Service Used by Dental Offices Across the U.S. Hit by Ransomware Attack

Remote data backup service PerCSoft, used by hundreds of dental offices across the U.S., is struggling to restore access to client systems after falling victim to a ransomware attack. PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. The ransomware attack hit PerCSoft on the morning of Monday, August 26, and encrypted dental records for some but not all of the practices that rely on DDS Safe. Some reports suggest PerCSoft paid the ransom and some reports suggest the decryptor provided by the attacker did not work.

September 1, 2019
Margaret Harding McGill / Politico

Margaret Harding McGill / Politico  
Google Reportedly to Pay $150 to $200 Million FTC Fine to Settle Children’s YouTube Privacy Violations

In what could be the largest civil penalty ever obtained in a children’s privacy case, the Federal Trade Commission (FTC) has voted to fine Google $150 million to $200 million to settle accusations that its YouTube subsidiary illegally collected personal information about children, according to a person familiar with the matter. The FTC voted 3-2 along party lines to approve the settlement, sending it over to the Justice Department as part of the review process. The previous record fine was a $5.7 million levy against the owners of TikTok earlier this year.

Related: The Hindu – News, Telecomlive.com, Gizmodo, The Financial Express, NDTV Gadgets360.com, TechSpot, Wall Street Journal, CNN, Reuters, CNET, New York Times