Home Depot Hacked: 53 Million Emails Stolen; List Notifications Sent
At least 53 million customers' email addresses have been stolen by hackers from Home Depot, several reports said.
This came after the company's earlier announcement that at least 56 million payment cards have been stolen from the "world's largest home improvement chain," Reuters said.
The hacking incident was confirmed by Home Depot last September. A BBC News report said that the hacking took place between April and September. The company has already traced how the hackers accessed its network. It noted that the hackers used the username and password of a third-party vendor.
"Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices," Home Depot said in a statement issued November 6.
"The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada," it added.
But the company said that customers do not have to worry so much as the hacked files "did not contain passwords, payment card information or other sensitive personal information."
The statement was just a way of "notifying affected customers" in the United States and Canada. However, Home Depot warned its customers to be alert against phishing scams that may trick them and convince them to share personal information.
According to BBC News, analysts have already considered this hacking incident as "one of the largest breaches on record," even greater than that of Target's previous breach incident. The company also said that the breach would cost them roughly $62 million, as reported by Reuters.
To allay fears, Home Depot reiterated that the malware that was used in the attack has already been eliminated from their systems. It also claimed that they continue to investigate and to coordinate with law enforcement to improve security measures.
The statement also revealed that the company has already been implementing "an enhanced encryption of payment data in all U.S. stores." With the use of this new security protection, payment card data are being locked down, making them useless and impossible for hackers to read. Voltage Security, Inc. is the provider of Home Depot's encryption technology. It has also been tested and validated by two independent IT security firms, it added.
10% Of Morgan Stanley High Net Worth Clients Just Had Their Data Stolen
Morgan Stanley (MS) fired an employee it said stole data, including account numbers, for as many as 350,000 wealth-management clients and posted some of the information online.
The bank alerted law enforcement and found no evidence that clients lost any money, New York-based Morgan Stanley said today in a statement. The firm said it detected account information for about 900 clients on an external website and “promptly” had it removed.
“Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident,” the company said in the statement.
Banks are spending more to protect client data as hacking attacks increase and technology makes dissemination and use of data potentially more widespread. Government agencies and regulators around the world are urging greater vigilance to counter cybercrime after an attack against JPMorgan Chase & Co. last year compromised personal information of about 76 million households.
Morgan Stanley didn’t name the fired employee. The bank said it’s notifying all potentially affected clients, which represent about 10 percent of its wealth-management customers, and enhancing security on those accounts.
The information didn’t include passwords or Social Security numbers, according to the statement. Bank account and credit-card data also weren’t compromised, according to a person briefed on the bank’s investigation who asked not to be named because the probe is ongoing.
All it takes is one employee
Now I am waiting to see who the government is going to sanction for this one
Who was that employee employed by?
He was employed by the uncle
Sanctions to North Korea are imposed to stop Russia building the pipeline through North Korea. No other reason. "Hacking" Sony is a bad PR stunt for an even worse piece of crap movie (and Sony knew that the movie would be a failure without some PR like the pulled - but this time it will be the first time that a bad advertisement will be used to enter yet another war)
Shhhhhh ... or they are going to sanction your house too
Cybercrime ring steals up to $1 billion from banks: Kaspersky
A multinational gang of cyber criminals has stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years, Russian computer security company Kaspersky Lab said on Saturday.
The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what is being called an unprecedented robbery.
The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies' or individuals' accounts. It said the gang included cyber criminals from Europe, including Russia and Ukraine, as well as China.
Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing. They were then able to get into the internal network and track down administrators' computers for video surveillance.
In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.
In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem.
Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.
Finally someone steals from the thieves - good job
What we know about the bank hacking ring - and who's behind it
It looks like a few Russian hackers have just pulled off the biggest bank heist ever.
The numbers are shocking: hundreds of millions of dollars were stolen from 100 banks in 30 countries. The exact amount is unknown at this point. On top of that, the banks could lose possibly hundreds of millions more in related costs. And it all went mostly unnoticed until sometime last year.
On Monday, Russian cybersecurity firm Kaspersky released its report painting a startling picture of a worldwide operation that infiltrated major banks and turned ATMs into cash-spewing zombies.
What did they hit?
These hackers mostly attacked banks in Russia, but they also went after financial institutions in the United States, Germany, China and Ukraine, according to Kaspersky. The company declined to name specific banks, citing ongoing client relationships.
Kaspersky managing director Christopher Doggett said researchers managed to discover as much as they did by hacking into the hackers' computer servers.
"All of the cybercrime we've seen up until this point has been to a different level," he said.
What did they get?
Hackers managed to steal the money in all sorts of creative ways, Doggett said. They managed to take $7.3 million by reprogramming a single bank's ATMs. Another bank lost $10 million from its hacked online platform alone.
Then there's sensitive consumer data. The hackers were also deep enough in the computer systems at banks to gain information about their customers. For instance, hackers had full access to all email accounts at several Russian banks, according to Kaspersky.
Hackers also managed to obtain the secret keys that ATMs use to make sure your PIN is valid, Kaspersky said. It's unclear what they could do with such information.
How did they do it?
Hackers used botnets -- fleets of spam-spewing slave computers -- to send out wave after wave of malware-laced emails.
Bank employees who opened them inadvertently let hackers sneak into computers. The criminals eventually gained complete control of the systems using employee credentials.
With that authority, hackers opened accounts in different places and moved money around at will. Kaspersky notes that, in some cases, they used the interbank network SWIFT (Society for Worldwide Interbank Financial Telecommunication) to quickly shift funds from one place to another.
By having full access to email exchanges, hackers also became intimately familiar with banks' anti-fraud measures. They also learned how to avoid setting off alarms.
For example, they limited theft at any single bank to $10 million to avoid triggering a full-blown analysis, Kaspersky's report said.
Then there's this painful realization: One bank could have avoided getting hacked in a particular way if its employees had just applied the usual Microsoft update, Doggett said.
Who is behind this?
Kaspersky researchers traced this attack back to hackers in Russia, China and several spots in Eastern Europe, Doggett said. The report described them as criminals -- not a nation state -- and noted that they mainly targeted Russian-speaking banks with malware-laced emails in Russian.
But one Dutch Internet security firm, Fox IT, claims this attack bears all the hallmarks of a small group of Russian hackers that attacked Russian banks in a similar fashion last year. They used the same malware to break into bank computers, reprogram ATMs and hack into the payment systems at a dozen American retailers.
But Kaspersky said it's too early to tell if both hacking groups are the same.