The Hack List


#21

@daedal it’s a Wiki anyone can edit as long as they are Level 1 and above. If you have more Hacks just add them by clicking Edit on bottom right of original post.


(Noel Edmonds Beard Sculptor ) #22

(Is Santa here yet?) #23

Edit: apologies for the crap source but it was one of the first to have covered it


#24

I was just about to post a new thread about this :smiley:


(Is Santa here yet?) #25

I only use it to connect to things like Spotify but it’s going to mean changing passwords for a few places :woman_facepalming:


#26

Facebook says 50m user accounts affected by security breach


#27

I use it regularly, but only because the people I want to contact don’t use anything else!

Interesting to see how it affects the likes of EMMA (the app, not you :wink: ) - Or any other service that has any association with Facebook at all.


(Sacha) #28

The FCA’s report on the hack on Tesco bank makes for interesting reading (https://www.fca.org.uk/publication/final-notices/tesco-personal-finance-plc-2018.pdf)

Through a series of errors, which included Tesco Bank’s Financial Crime Operations
Team emailing the fraud strategy inbox instead of telephoning the on-call fraud
analyst (as Tesco Bank’s procedures required), it took Tesco Bank’s Financial Crime
Operations Team 21 hours from the outset of the attack to make contact with Tesco
Bank’s Fraud Strategy Team, a specialist group in the Financial Crime Operations
Team. In the meantime, nothing had been done to stop the attack, the fraudulent
transactions multiplied, calls from customers mounted and the attack continued.

Having identified PoS 91 as the primary channel and Brazil as the source of most
of the attempted fraudulent transactions, Tesco Bank’s Fraud Strategy Team put a
rule in place to block those transactions at 01:48 on Sunday, 6 November 2016.

Tesco Bank’s Fraud Strategy Team did not, however, monitor the rule’s operation
and discovered a few hours later, that not only was the rule ineffective, but the
attempted fraudulent Brazilian transactions were increasing, reaching a peak of
80,000 by Monday, 7 November 2016 (with Tesco Bank’s systems blocking
approximately 90%). The rule was ineffective because the Fraud Strategy Team
erroneously used the Euro currency code instead of Brazil’s country code when it
coded the rule designed to block PoS 91 transactions originating in Brazil.
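The rule failure quoted above, sketched as a pre-deployment check that replays a labelled sample through a block rule. This is an added example, not part of the original post or the FCA notice. The field names, the way the miscoded rule is modelled, and the sample transactions are assumptions; the numeric codes are the standard ISO values.

```python
from dataclasses import dataclass

BRAZIL_COUNTRY = "076"  # ISO 3166-1 numeric country code for Brazil
EURO_CURRENCY = "978"   # ISO 4217 numeric currency code for the euro

@dataclass(frozen=True)
class Txn:                # hypothetical record layout
    pos_entry_mode: str   # "91" is the channel named in the notice
    country: str          # ISO 3166-1 numeric
    currency: str         # ISO 4217 numeric
    fraud: bool           # analyst label on the sample

def rule_as_deployed(t: Txn) -> bool:
    # Assumed model of the mistake: a currency code where the country was meant.
    return t.pos_entry_mode == "91" and t.currency == EURO_CURRENCY

def rule_as_intended(t: Txn) -> bool:
    return t.pos_entry_mode == "91" and t.country == BRAZIL_COUNTRY

def evaluate(rule, sample):
    """Return (share of labelled fraud blocked, genuine transactions blocked)."""
    fraud = [t for t in sample if t.fraud]
    caught = sum(1 for t in fraud if rule(t))
    false_blocks = sum(1 for t in sample if not t.fraud and rule(t))
    return caught / len(fraud), false_blocks

def safe_to_deploy(rule, sample, min_recall=0.95, max_false_blocks=0):
    """Gate a rule on the replay result instead of trusting how it was typed."""
    recall, false_blocks = evaluate(rule, sample)
    return recall >= min_recall and false_blocks <= max_false_blocks

# Constructed sample: three attack transactions and three genuine ones.
SAMPLE = [
    Txn("91", "076", "986", True),
    Txn("91", "076", "986", True),
    Txn("91", "076", "840", True),
    Txn("05", "826", "826", False),  # UK card-present, GBP
    Txn("91", "250", "978", False),  # genuine PoS 91 payment in France, EUR
    Txn("07", "076", "986", False),  # genuine payment in Brazil, other channel
]

if __name__ == "__main__":
    for rule in (rule_as_deployed, rule_as_intended):
        print(rule.__name__, evaluate(rule, SAMPLE), safe_to_deploy(rule, SAMPLE))
```

Running the same `evaluate` over live traffic after a rule goes in is the monitoring step the notice says was missed.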


#29

Why do you need to change passwords? The hack was for an access token, not passwords.


#30

Whoever was responsible for something so basic as the correct currency code is probably wondering why none of the other team even noticed.


(Aidan 🏳️‍🌈🐙) #31

Chegg sent out an email today saying they have had data compromised. (Chegg run a few websites with services aimed at students.)

Our understanding is that the data that may have been obtained could include your name, email address, shipping address, Chegg username, and hashed Chegg password.

https://www.chegg.com/contactus/path/No-Chat/1133100471/Why-am-I-being-asked-to-update-my-password-1.htm


#32

(Noel Edmonds Beard Sculptor ) #33

(Noel Edmonds Beard Sculptor ) #34

(Jamie 🏳️‍🌈) #35

Marriott


(Colin Robinson) #36

(Colin Robinson) #37

Hackers breach Quora.com and steal password data for 100 million users
Ars Technica

Other stolen personal data includes names, email addresses, and direct messages.


(Andre Borie) #38

Web link: https://arstechnica.com/information-technology/2018/12/quora-says-hackers-stole-password-data-and-other-details-for-100-million-users/


(Neil M) #39

Curious to know if Monzo is aware of this?


Especially the card detail leaks


#40

Hey @NeilM, I’ve moved this here to be with the other hack info. Feel free to add it to the wiki at the top, if you like!