Archive for Hacked

Loblaw Resets The Passwords Of ALL PC Points Users For Security Reasons

Posted in Commentary with tags on February 21, 2017 by itnerd

It seems that the hack of the Loblaw PC Points rewards program isn’t going away as every member of the rewards program have gotten e-mails over the weekend that Loblaw has reset their passwords. Meaning that even if they reset their passwords when the hack became public, they’ll have to do it again. Plus the PC Points website has this message communicating the same thing:

capture

This is an indication that the company feels that passwords are the issue and likely continue to be an issue. As a result, they’ve taken this step to try and make the problem go away. Though you have to wonder if after making their users do this, will it address the issue or will this problem simply resurface.

I’ll be keeping an eye out to see what happens.

Advertisements

Arby’s Pwned By Malware…. Credit Card Info Swiped

Posted in Commentary with tags , on February 9, 2017 by itnerd

Today is clearly the day for hacks. The latest company to disclose that they’ve been pwned by hackers is fast food chain Arby’s. Apparently hackers used malware to swipe credit card data according to security expert Brian Krebs:

A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity.

“Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant,” their statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.

I really don’t think anyone knows the difference between franchised and corporate locations and as a result customers will steer clear of both. But the use of malware to swipe credit card data isn’t new. Just ask Home Depot who got hit by this a while back. But these attacks are clearly on the rise and companies need to ensure that they are defending themselves against this threat.

Canadian Tire Website Pwned By Hackers

Posted in Commentary with tags , on February 9, 2017 by itnerd

Today is a bad day for Canadian retailers. Apparently Canadian Tire joins Loblaw in being pwned by hackers as the former has apparently shut down customer access to their online accounts because of a hack. Global News has the details:

“We recently noticed unusual traffic on our website and suspended customer sign-in capabilities while we investigate,” said Canadian Tire communications manager Stephanie Nadalin.

Since the beginning of the week, customers trying to access their points and credit card information on their computers have been greeted with the following message:

“Our sign-in option is temporarily unavailable and we are working to resume services as soon as possible. We apologize for the inconvenience.”

So unlike the Loblaw hack where it appears that customers told the company that they had been pwned, Canadian Tire appears to have detected that something weird was going an and shut everything down. That’s the way things should work. But that doesn’t mean that all is right in the world. This hack could have started yesterday or two years ago and they only noticed now. And given the that their site has been inaccessible for days, I’m pretty sure they don’t know what the extent of the hack is. Hopefully Canadian Tire is transparent about all these details when they have a full assessment so that they can reassure their customers that their information is safe or “safe.”

Loblaws PC Plus Rewards Systems Pwned…. I Need To Change My Password

Posted in Commentary with tags , on February 9, 2017 by itnerd

Groceries are not cheap these days. So my wife and I shop at Loblaw where we can earn points on specific groceries that we by which we can then redeem to buy groceries. There have been times where we have redeemed enough points to not have to pay a cent for weeks worth of groceries. That seems like a good deal. Until I woke up this morning and found that the systems that run PC Plus rewards have been hacked. Here’s the details:

Loblaw is warning PC Plus rewards collectors to beef up their passwords after points were stolen from some members’ accounts.

“We are treating this as a breach as individual member accounts were accessed and points were stolen,” said Kevin Groh, the company’s vice-president of corporate affairs and communication, in a statement.

The breach stems from people using favourite or weak username and password combinations across multiple sites, he said.

These combinations were stolen from other sites and used to access PC Plus accounts, according to Groh.

Okay. I will admit that people reusing passwords is a #fail waiting to happen. But this statement does have a bit of a “blame the victim” slant to it as their intrusion detection systems should have been able to detect unusual activity. Assuming that one was in play of course. The way this story reads, it seems like Loblaw found out about this when PC Plus members lost points and told the company. That’s a scenario that should never happen. In the meantime, if you’re a member of PC Points you should change your password to something unique and strong and check your points balance to see if you too have been pwned. I’m advising my wife to do that right now.

UPDATE: I would also strongly recommend that you check to see if there are additional cards on your PC Points account. Reports are now starting to surface that people who have lost points have found additional cards on their accounts. Clearly this is how the points are being stolen.

UPDATE #2: This apparently has been an ongoing issue for Loblaw. Many thanks to “Lisa” who directed me towards this thread on Red Flag Deals that indicates that this hack started late last year. Clearly Loblaw has some explaining to do as they really should have been up front with the public long before now.

Film Festival & Library System Both Get Pwned By Hackers

Posted in Commentary with tags on January 24, 2017 by itnerd

It appears that 2017 is shaping up to be the year of pwnage with the two latest examples being the St Louis Public Library System and the Sundance Film Festival. First, The Guardian has details on the former: 

Libraries in St Louis have been bought to a standstill after computers in all the city’s libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims.

Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city’s 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines.

As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks.

That sucks. Now over to Variety for news on the latter:

According to the festival’s Twitter account, a cyberattack forced the closure of its box office on Saturday.

All movie screenings will go on as planned, according to festival organizers.

“Our artist’s voices will be heard and the show will go on,” the festival added.

The cyberattack occurred shortly after Chelsea Handler led a Women’s March in Park City to protest the election of Donald Trump, at around noon MT. Roughly 40 minutes later, online ticketing for future shows had been restored.

It’s unclear if the attack was related to crowds in Park City, holding empowerment signs and speaking out against Trump.

Clearly this is a sign that anyone and everyone can get pwned by hackers. Thus everyone needs to make sure that their defences are in order to avoid being the next victim that I write about.

Maker Of Clash Of Clans Pwned… Data Leaked

Posted in Commentary with tags on January 17, 2017 by itnerd

Players of the popular game Clash Of Clans as well as Hay Day, Boom Beach and Clash Royale should change the passwords to the user forums that the company uses as Supercell who makes those games has confirmed that they’ve been hacked and user data related to the user forum was stolen. However, game data was not affected. According to Motherboard, over a million accounts have been affected.

It really seems that 2017 is going to be the year of pwnage. And we’re only 17 days in.

Trump Appoints A Cyber Security Advisor Who Has A Horribly Insecure Website

Posted in Commentary with tags , on January 13, 2017 by itnerd

President Elect Donald Trump has appointed Rudy Giuliani to be his cyber security advisor. Here’s the problem. If you go to his website which is www.giulianisecurity.com, which is down as I type this for reasons unknown, it becomes clear to cyber security experts that it is a cyber security nightmare that anyone can easily pwn. Robert Graham of Errata Security detailed this in a blog post:

The results have been laughable, with out-of-date software, bad encryption, unnecessary services, and so on.

But here’s the deal: it’s not his website. He just contracted with some generic web designer to put up a simple page with just some basic content. It’s there only because people expect if you have a business, you also have a website.

That website designer in turn contracted some basic VPS hosting service from Verio. It’s a service Verio exited around March of 2016, judging by the archived page.

The Verio service promised “security-hardened server software” that they “continually update and patch”. According to the security scans, this is a lie, as the software is all woefully out-of-date. According OS fingerprint, the FreeBSD image it uses is 10 years old. The security is exactly what you’d expect from a legacy hosting company that’s shut down some old business.

To add to this, The Register got someone to look at the site. The results are not good if you’re Giuliani. This really don’t project him in the best light as a “cyber security advisor” as you’d think he’d get someone to make sure that he didn’t get pwned by hackers (if he hasn’t already seeing as the site is down).

Quite simply, the optics of this are not good.