Log in

Posts Tagged ‘data theft prevention’

Video game company Valve notifies its Gamers of data breach

November 15th, 2011

Gabe Newell confirms the data breach

You are an video game addict. You can’t have enough of it. You are entering your private data in there thinking you are in safe hands, thinking your data is secured. Alas! Your private data just got stolen!

We are talking about the latest data breach that occurred at the video game company Valve. Valve’s gaming cloud service Steam was hacked last week causing breach of personal data of game users. This was published on the forums and users have been asked to scrutinize their credit card statements. Gabe Newell, Valve co-founder notified on the forum on Thursday confirming the breach.

How did it happen?

On the night of November 6, the intruders defaced the site’s forums. They accessed the database that contained user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information.

Post-breach

Steam forums have been taken offline. The sites were shutdown because of the defacement.

What does Gabe Newell, the co-founder, have to say about it?

Gabe said “the intrusion goes beyond the Steam forums”. According to Mr Newell there was no evidence that the encrypted credit card information or personal data of gamers had been taken. He said, “we are still investigating”.

He further added that only a few forum accounts had been compromised and were defaced. That said, all forum users should change their passwords immediately as soon as the website is back on track.

“I am truly sorry this happened, and I apologize for the inconvenience,” was was Newell said before winding up his speech.

About Steam

Steam is a gaming service that allows gamers to buy, download, play and chat games. Some of these have been made by Valve itself.One can browse through the current 1,500 titles which include Skyrim, LA Noire and Modern Warfare 3 along with other free games.

Security check

Users should change passwords, monitor credit card statements, remove card numbers from Valve’s servers. Never use the same password for more than one site on which you use your credit card.

At the back of your mind you may be thinking that Valve will give you some freebies in order to make up for this breach. Maybe it will. But will it make you play games again knowing your data might get compromised?

Bad time for Internet companies?

It started with Sony PlayStation network which was hacked compromising 77 million accounts. Hackers are now confident thatn they can hack e-commerce sites. They are getting better at it daily and our recent news reports have confirmed this. Internet crime is increasing at a fast pace, companies need to act now and strengthen their security policies.

Alertsec – Need of the hour

Organizations must have essential security guidelines to combat any internet crime. This news item makes it all the more clear why data protection in applications is a must. Alertsec offers Data encryption software and recovery software at a reasonale price. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in computer security software, data breach, data encryption

Nokia Developer Network hacked

September 1st, 2011

NDN hacked exposing developer data

Hackers are firing rounds after rounds of data breaches. They are getting better at it and taking advantage of the fact that security systems are not that robust.

Nokia’s developer forum was recently hacked and a database table containing e-mail addresses of developer forum members was accessed. This was done by exploiting vulnerability in the bulletin board software that allowed an SQL injection attack.

As per statement given by Nokia “Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger,” the statement said.

Apparently the bug was quickly fixed but the developer community website was taken off. The discussion boards are not yet accessible. As per Nokia’s advisory the service should be up and running soon.

Those who visited the site before it was closed were redirected to a website that showed an image of Homer Simpson smacking his head and exclaiming “D’Oh.” Just below his picture were the words “Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!”

The site is under further investigation and security assessment. Initially it was assumed that only a small number of email addresses were accessed but later it was found out that a large amount of data was compromised.

The company further adds “We are not aware of any misuses of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited e-mail.” Nokia added that it “apologizes for this incident.”

The attack was claimed by a hacker known as “pr0tect0r AKA mrNRG”, believed to be based in India.

This happened at a bad time for the Finnish company as it is quickly losing market share to Apple’s iPhone and to companies that manufacture smartphones that use Google’s Android OS. Nokia is looking to increase its share of the U.S. market through a partnership with Microsoft. Nokia plans to start a new line of Windows Phone 7-powered phones by end of 2011 or early in 2012.

Security guaranteed with Alertsec Xpress

This incident highlights the need of a data security and data encryption software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

It’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

No comments »

Posted in Computer security, Data Protection, Hackers, computer security software, data breach, data encryption

Tags: Android computer encryption software data breach data security data theft prevention Email address Google Homer Simpson ICQ Internet forum IPhone Nokia security SQL injection Table (database) Uniform Resource Locator Windows Phone 7

Sony’s mainstay insurance provider refuses to accept liability for damages and compensation

July 25th, 2011

Battle between Sony and Insurer Zurich American Insurance Co. over Playstation hacks

After reading this piece of news you might wish you were not a PlayStation Network (PSN) user!

Sony’s mainstay insurance provider, Zurich American Insurance Co., is refusing to accept liability for damages and compensation regarding the recent hacks where 77 million PSN customer accounts were compromised.

The insurance provider has filed legal papers covering a total of 55 pending class-action lawsuits that customers have lodged against Sony.

The firm has brushed off its responsibility of covering data breach monetary damages as well as any other miscellaneous claims made by Sony.

History

Sony’s PlayStation Network and Qriocity networks were compromised in the month of April. According to their statement “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services,”

On Tue April 26 Sony confirmed that personal data of millions of customers had been compromised.

On Wed April 27 a class-action lawsuit was filed in the U.S. accusing Sony of failing to protect, encrypt and secure the private and sensitive data of its users.

Present

Nevertheless, Sony has gone ahead and filed insurance claims as it feels it is a fair coverage under previously agreed upon terms.

According to Sony the financial loss from the breaches is more than $178 million this year. The Japan based firm wants the insurer to cover costs related to the 55 class-action lawsuits under a general liability insurance policy written by Zurich.

Customer reactions and cyber risks

Customers are furious about their loss of privacy and waiting for settlements. It is time to redefine cyber security and the legalities there in. Companies are under the impression that general liability insurance covers everything. According to Ty Sagalow, an insurance consultant and founder of Innovation Insurance Group, “There are probably still some risk managers out there that think that their comprehensive general liability policy cover breaches,” says Sagalow, who was one of the main experts in charge of first drafting cyberinsurance policies for Zurich when he worked for the company prior to starting his own consulting shop. “These types of cyberevents are not covered in the typical standard forms of insurance.”

Cyber insurance

Cyber insurance is the insurance which covers loss occurred over the internet . The phenomenon is a recent one and yet to stabilize. Hence organizations like Sony must take into account adding additional coverage that can hold up to court scrutiny when things go haywire.

How can Alertsec help in cases of data breach?

Alertsec Xpress is the security service that protects data stored on your PC. As laptops are used in place of desktops, chances of data getting hacked are more. Unless your laptop is encrypted, you are running a big risk of your data getting compromised.

Encryption software helps enhance the laptop security. Alertsec uses industry leading Check Point Full Disk Encryption (former Pointsec) software that simplifies data protection.

No comments »

Posted in Data Protection, Encryption, Hackers, Identity and Information loss, Uncategorized, identity theft

Tags: breach notification Class action Computer security data breach data security data theft prevention Enter your zip code here Games insurance Liability insurance PlayStation 3 PlayStation Network Qriocity security Sony United States Video game Zurich

WellPoint fined $100,000 for breach

July 12th, 2011

Indiana State files lawsuit against data breach

Health insurer WellPoint (Indiana-based) has to settle a fine of $100,000 to for a data breach that involved the personal information like name, date of birth, address, Social Security number, telephone number, e-mail address, and health and financial information of 32,000 Indiana customers.

Why?

The reason for the fine is because it waited for long before informing Indiana officials of a security breach that involved personal information of 32,000 members. It has also been asked to reimburse affected parties up to $50,000 as part of the settlement reached with the Indiana Attorney General. In addition it has to provide up to two years of credit monitoring and identity theft protection services to affected customers.

“This case should be a teaching moment for all companies that handle consumers’ personal data: If you suffer a data breach and private information is inadvertently posted online, then you must notify the attorney general’s office and consumers promptly,” Zoeller, Indiana Attorney General, said. “Early warning helps minimize the risk that consumers will fall victim to identity theft.”

What happened?

Personal information was compromised at least 137 days between October 2009 and March 2010. According to the suit WellPoint learned of the problem Feb. 22, 2010, but didn’t inform the clients until June. The Indiana state law also required that the Attorney General’s office be immediately notified but Wellpoint failed to do so.

The lawsuit

The Indiana Attorney General lawsuit alleged that member information was accessible from Oct. 23, 2009 till March 8, 2010. It stated further that WellPoint received written notification from Sarah Groveunder, a consumer, about the breach but failed to contact her till Mar 4. WellPoint started informing affected consumers only from June 18 and did not finish notifications until July 30.

What is surprising is that warning letters to a total of 47 companies were sent since the 2009 law went into effect for being slow to notify authorities about breaches. “Many companies keep vast quantities of consumers’ personal data and they are required to handle it confidentially and not carelessly. That’s not just good business practice; that’s the law,” Zoeller said in a statement

Security

According to Legal Newsline the site was immediately secured. WellPoint issued the following statement soon after the settlement: “Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members’ and applicants’ personal information. We have implemented I.T. security changes to ensure that this situation will not happen again, and we have received no indication that any information that may have been accessed has been used inappropriately.

How can Alertsec help?

Thus in the absence of full disk encryption, privacy of consumers gets compromised. It is vital to use Data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: breach notification breach notification laws business computer encryption software Computer security data breach data security data theft prevention Encryption Enter your zip code here Indiana Personally identifiable information security Social Security number WellPoint

Personal data compromised at Washington Post

July 8th, 2011

Hackers hit Washington Post

Hacking seems to be getting a profession these days and that too an exciting and lucrative one !

Security experts have been warning all organizations that they are vulnerable to cyber-attack. These attacks are not only limited to small companies but also big companies like Sony, NASA etc.

Definition of hacking

According to Wikipedia Hacking may refer to:

Computer hacking, including the following types of activity:
- Hacker (programmer subculture), activity within the computer programmer subculture
- Hacker (hobbyist), to heavily modify the software or hardware of one’s own computer system
- Hacker (computer security), to access computer networks, legally or otherwise
- Computer crime

Latest vicitm of hacking

The Washington Post Jobs site has been hacked ! Hackers accessed its employment Website and stole 1.27 million userIDs and e-mail addresses of its registered job-hunters.

According to the newspaper publisher’s July 6 report hackers hit the Washington Post’s job board twice, once on June 27 and again on June 28. They stole roughly 1.27 million user IDs and e-mail addresses. Fortunately passwords to the actual Jobs account and other personal information such as resumes and personal addresses were not compromised.

“We quickly identified the attack and took action to shut it down,” the Washington Post said.

Users may receive spam as a result of the breach and should avoid opening suspicious or unsolicited e-mails or responding to the messages, according to the Post. The problem is even more serious than that, according to Josh Shaul, CTO of Application Security.

This breach has affected the registered users big time. The people registered on the site are job-seekers who fall for spear phishing. “It’s impossible to resist looking into legit looking e-mails that come in offering you the opportunity to work,” said Shaul.

Washington Post has confirmed that additional security measures to prevent similar attacks have been implemented, and is “conducting a thorough audit of the security of the Jobs site.”

Michael Sutton, vice president of security research at Zscaler Labs, in an e-mail said “From the attacker’s perspective however, harvesting 1.27 million active email addresses constitutes a successful attack. When e-mail addresses can be sold in the underground market or used to send spam, there’s little doubt that the data breach will be leveraged for profit.”

Is hacker group Anonymous behind the attack?

This attack could be the work of Anonymous or any of the other members of the AntiSec campaign. Anonymous has been very active in recent weeks, breaking into the Arizona Police Department, among other targets.

AntiSec has typically targeted large governmental and media giants. But so far no one has admitted their role in this attack.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.