As if the credit card breach at Home Depot didn’t already look enough like the Target breach : Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses. In an update (PDF) released to its site on Thursday, Home Depot warned customers about the potential for thieves to use the email addresses in phishing attacks (think a Home Depot “survey” that offers a gift card for the first 10,000 people who open the booby-trapped attachment, for example)
Feds Arrest Alleged ‘Silk Road 2′ Admin, Seize Servers
Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0 . In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace.
Still Spamming After All These Years
A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email. Last month, security experts at Cisco blogged about spam samples caught by the company’s SpamCop service, which maintains a blacklist of known spam sources
KrebsOnSecurity Honored for Fraud Reporting
The Association of Certified Fraud Examiners today announced they have selected Yours Truly as the recipient of this year’s “Guardian Award,” an honor given annually to a journalist “whose determination, perseverance, and commitment to the truth have contributed significantly to the fight against fraud.” The Guardian Award bears the inscription “For Vigilance in Fraud Reporting.” Previous honorees include former Washington Post investigative reporter and two-time Pulitzer Prize winner Susan Schmidt ; Diana Henriques , a New York Times contributing writer and author of The Wizard of Lies (a book about Bernie Madoff); and Allan Dodds Frank , a regular contributor to Fortune.com and The Daily Beast . I’d like to thank the ACFE for this prestigious award, and offer a special note of thanks to all of you dear readers who continue to support my work as an independent journalist.
How to Tell Data Leaks from Publicity Stunts
In an era when new consumer data breaches are disclosed daily, fake claims about data leaks are sadly becoming more common. These claims typically come from fame-seeking youngsters who enjoy trolling journalists and corporations, and otherwise wasting everyone’s time.
‘Replay’ Attacks Spoof Chip Card Charges
An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure chip-based credit and debit cards. Over the past week, at least three U.S.
‘Spam Nation’ Publisher Discloses Card Breach
In the interests of full disclosure: Sourcebooks – the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.
Banks: Credit Card Breach at Staples Stores
Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement. According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.
Microsoft, Adobe Push Critical Security Fixes
Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products.
Who’s Watching Your WebEx?
KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in. Department of Energy’s WebEx meetings. At issue are recurring video- and audio conference-based meetings that companies make available to their employees via WebEx, a set of online conferencing tools run by Cisco