Posts Tagged ‘Password’

Amazon’s shoe retailer Zappos attacked – Data of 24m gets affected

January 18th, 2012

Zappos center in Kentucky

You love shopping online, don’t you? It is easy, less time consuming and you can do it in your pajamas! No need to drive in the middle of the night to shop and waste a gallon of gas! Just a click of a button and your gift is at your doorstep.

Hang on! The ‘easy’ shopping just got ‘difficult’ because you entered your credit card details online and now they are vulnerable. You thought they were secure but think again.

The recent hacking case of Zappos, Amazon’s shoe retailer, puts doubts in your mind about online shopping.

The news in detail

Information belonging to as many as 24 million customers was accessed in a breach of the online shoe and clothing retailer Zappos. The retailer has asked customers to change their passwords.

Zappos CEO Tony Hsieh posted an open letter online to all Zappos employees. The letter describes a “cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.” It continues: “The most important focus for us right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help them through the process of choosing a new password for their accounts,” adding that the existing customer passwords had been terminated.

CEO Tony Hsieh further added, “We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident.”

The hacker most probably gained access to customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of customer card numbers and each customer’s “cryptographically scrambled password.” Fortunately, full credit-card and payment information has not been accessed by the hacker. This is the biggest cyber-attack since the PlayStation Network hack last year. The site has been closed down for now, especially for its international users. According to Zappos, Amazon servers have not been affected by the hack.

Security revamp

Zappos is working with the police to investigate the matter and find out if the data was downloaded from its servers. The company does not yet know how or from where the attack originated. Zappos has discontinued its toll-free number and is responding only via email. Customers have been requested to change their passwords.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Telstra closes down BigPond site after security breach

December 11th, 2011

Data breach in Australia – We are bringing you the latest report on the Telstra breach, so read on.

Telstra’s customer self-service site, BigPond, was shut down after it disclosed private customer data to the public. Apparently a customer was easily able to bypass the front-page security of the BigPond self-help site and access data of other customers. The page that this user saw had Telstra bundled products. In addition, the user could access telephone numbers, users’ names, addresses, broadband packages, technician visits and login password information.

The exact damage is not known as yet because Telstra immediately closed down its customer self-service site. To get into more technical details, the site is not directly hosted on a Telstra domain: it’s a cloud-based service on the custhelp.com domain operated by RightNow Technologies, which is currently in the process of becoming a part of Oracle.

As of now Telstra’s BigPond POP and SMTP servers are offline. This is obviously a precautionary measure. Telstra is trying to get in touch with its customers to inform them about the breach and maintain transparency. The case is under investigation and a complete report is expected by January. To be on the safer side, Telstra issued a blanket password reset against the addresses of around 60,000 customers whose passwords were compromised.

Details

The data that was exposed was in a search page, “Telstra Bundles request search”, that was only supposed to be accessed by Telstra customer service agents. Luckily or unluckily, the user, who was a member of the community broadband forum Whirlpool, got on this page and realized he was accessing unauthorized data. Rumors are doing the rounds that credit check details have also been exposed, but this piece of information has not been confirmed by Telstra as yet. According to a Telstra spokesperson, “We are unsure at this stage, it appears to be limited to bundled customers but we don’t know how many”.

According to Telstra’s 2011 annual report 659,000 new product bundles were sold in the year to June 30, 2011.

The Federal Privacy Commissioner is holding a complete investigation of the case and, needless to say, holds Telstra completely responsible for the breach. Mr Pilgrim, the Privacy Commissioner, said, “I have opened a formal investigation into the Telstra data breach.” “I have asked that Telstra also provide me with a detailed written report on the incident, including how it occurred, what information, if any, was compromised and what steps they have taken to prevent a reoccurrence.”

Customers are obviously very angry because their businesses depend on this website. They are venting their anger on Twitter, as recent tweets show. A few have threatened to leave the network if things don’t get back on track soon.

Leaks can be avoided by installing Alertsec encryption service

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops. Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Telstra tower

Data breach at Telstra, customer data exposed


Officials Defend their Response to Security Breach

December 11th, 2010
The City of London
Security Breach in London

A massive security breach recently occurred at a London-area school board. Two senior education officials said that many lessons can be learned from the breach, which exposed 27,000 student passwords on the Internet.

How Did Security Breach Take Place

One of the senior officials is Bill Tucker, education director at the Thames Valley District School Board, whose website was hacked in the October attack. As a Free Press investigation published on Saturday revealed that it took the school board more than 12 hours to call police about the breach, the board’s top official defended its response.

Tucker said on Sunday, “I’m absolutely comfortable with the way senior administration responded to the breach, we found out late in the afternoon (Oct. 20), the student portal (on the board’s website) was shut down, police found out the next morning and at no time was student safety at risk.”
“Any e-mails going around were copied to me and I insisted on face-to-face meetings (with administrators handling the breach) because the situation was so serious.” He said, “It’s been a learning experience for the board, as a school board, we’ve learned many lessons.” For instance, when we are looking at the encryption of new codes, we need to get on top of it a lot faster, in terms of adapting to new technology.

Obtained emails show that while administrators knew before 9:30 p.m. on Oct. 20 that the board’s website had been hacked and that passwords for more than 27,000 high school students had been posted on Facebook hours earlier, the board did not alert the police until 9:30 a.m. the next day.

Security Risks of Breach

There were immediate security risks because many high school students use their passwords for other purposes, like banking and other online accounts. But that’s not how some Thames trustees see it.

Officials Defending Response:

New board chairperson Tracy Grant wrote in an e-mail response through Facebook that “our administration did react swiftly to the breach, immediately shutting down the portal and ensuring the security of the system, most people are aware that they should personally guard their passwords and not use the same password for different applications – I think our students are particularly aware of the importance of changing and protecting their passwords”.

Grant did not respond to a request for clarification or provide a contact phone number, but pointed out that London police began a so-called Code 3 response to the situation, “indicating it was not of highest priority”.

Arlene Morell, a parent who heads the board’s parent involvement committee, said that the primary concern should always be the safety and protection of all students. “And I believe it was, freezing, shutting down and whatever they can do internally to ensure the protection of students was safeguarded,” she said.

A data breach is the unintentional release of secure information to an untrusted environment, so the protection of data (information security) is very important.

How Alertsec Xpress Would Have Helped:

In an incident which highlights the need for data security and recovery software, the threat could simply have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Laptop Stolen at Department of Labor

July 17th, 2010
The Laptop
Laptop Image by servus via Flickr

The Department of Labor’s Bridgeport office has reported the loss of confidential unemployment insurance information, which has affected about 5,000 individuals and employers. The news was reported last week by officials. The stolen laptop contains confidential information, including Social Security numbers of unemployment insurance claimants who had problems with wage discrepancies, as well as data for certain employers in the Bridgeport region.

The department is sending notification mails to all the 5,000 affected people and employers providing them free credit.

Luckily, the authorities say that the laptop is encrypted and secured by a series of passwords, which would make it extremely difficult to break into the information. The records contain full Social Security numbers, as per the rules stated by federal law; however, the SSN records are encrypted as well.

Labor Commissioner Linda Agnew said, “While we do not believe the information can be accessed from the laptop’s database and therefore used in a manner that will compromise the security of these individuals, all those potentially impacted by this crime will be offered free, full-service identity theft and credit protection”.

Threat Assessment of the incident

Since the laptop is encrypted and protected by a series of passwords, the severity and extent of possible attacks are greatly reduced. That said, one also needs to understand the type of protection mechanism used, and to consider the case where the person who committed the theft already knows the password.

However, the key point we want to highlight is that the risk has been averted to a large degree thanks to an encryption mechanism of some kind. This is exactly the point we raise on an ongoing basis through our posts, analysis and news.

Get Laptop Encryption now!!

While huge sums are spent on protecting internal networks from hackers, employees are walking out the front door with laptops that not only have vast quantities of data stored on them, but also have applications connecting to internal networks and protected websites.

80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop encryption installed, none of the information or credentials would have been lost. Try Alertsec Xpress now.


How to Install Alertsec Xpress?

May 18th, 2010

With changes in the government’s regulatory requirements and increasing concern over the rise in data breaches, organizations are now under severe pressure to implement full disk encryption for laptop security and to ensure the security of sensitive data.

Installing Alertsec Xpress encryption software is fairly simple and takes just three easy steps:

  1. Register for your subscription or 30-day free trial of our encryption software
    Register your personal Alertsec Xpress subscription or 30-day free trial.
    Receive an email from Alertsec Xpress with a link to your Alertsec Xpress subscription or 30-day free trial.
  2. Download and activate Alertsec Xpress online
    Follow the simple guidelines in the mail and click on the link.
    Download your Alertsec Xpress subscription or 30-day free trial.
    Alertsec Xpress will initiate and install the encryption software automatically on your command.
    Set your username and password to personalize your installation.
  3. Your laptop is now fully protected by Alertsec Xpress
    Powered by Check Point Full Disk Encryption – the world’s most trusted encryption software.

Choose Alertsec and Secure your Laptop

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.
