Privacy Roundup #0104 • March 2015
March 2015 brought fresh Snowden leaks, the FREAK encryption flaw and a run of breaches that put health, hotel and gaming customers at risk.
1. Hillary Clinton ran State Department email on a private server
A report revealed that the former Secretary of State used a personal email account on her own server for all government work. The disclosure raised questions about records law and the security of official messages.
2. Government released secret surveillance court opinions to EFF
After a freedom of information lawsuit, the government handed the EFF two long-hidden opinions from the surveillance court. The papers showed how judges reinterpreted the law after September 2001 to widen the reach of the NSA.
3. Snowden files exposed New Zealand's Waihopai spy base
New documents described how the Waihopai station, codenamed IRONSAND, sweeps up phone calls, emails and messages across the Pacific. The base feeds its take into the NSA system called XKEYSCORE.
4. New Zealand spied on its own trade partners
Further leaks showed that New Zealand's spy agency targeted about twenty friendly nations across the Asia-Pacific region. The agency also used hacking tools to break into computers and pass data to the NSA.
5. CIA researchers worked for years to crack Apple security
Leaked papers showed that CIA-backed researchers tried to defeat the encryption on iPhones, iPads and Macs. One method aimed to taint Apple's developer tool so that apps would leak data to spies.
6. FREAK flaw let attackers weaken HTTPS connections
Researchers found a fault that forces browsers and servers down to weak, export-grade encryption. An attacker could then break the key and read traffic that users believed was protected.
7. Premera Blue Cross breach hit eleven million people
The health insurer revealed that hackers had sat inside its network since May 2014. The exposed data included names, dates of birth, Social Security numbers, bank details and medical claims.
8. Twitch reset every password after a breach
The Amazon-owned streaming site told all users to change their passwords following unauthorised access to accounts. The exposed data may have included email addresses, login details and limited card information.
9. Slack disclosed a hack of its user database
The messaging company said attackers had reached a database holding usernames, email addresses and hashed passwords. Slack reset affected accounts and added two-factor login in response.
10. British Airways froze Avios accounts after a hack
The airline locked many Executive Club accounts when attackers used stolen credentials to drain reward points. British Airways reset passwords and said it found no access to flight history or card details.
11. Point-of-sale vendor NEXTEP probed a card breach
Law enforcement warned the restaurant systems firm that some of its customer sites had been compromised. Fraud appeared on cards used at a soup chain that relied on NEXTEP terminals.
12. Mandarin Oriental confirmed a hotel card breach
The luxury hotel group admitted that card systems at several of its hotels had been accessed without permission. Malware stole guest card data, and the intrusion likely dated back to late 2014.
13. Wikimedia sued the NSA over upstream surveillance
The Wikimedia Foundation and eight other groups filed suit against the agency with help from the ACLU. They argued that bulk interception of internet traffic broke the First and Fourth Amendments.
14. Yahoo launched single-use passwords at SXSW
Yahoo showed off a feature that texts a one-time code to a phone instead of asking for a fixed password. The company pitched it as a way to ease the strain of remembering passwords.
15. States fought RadioShack's sale of customer data
Texas and dozens of other states objected to a plan to auction the personal records of millions of RadioShack customers. They argued that the sale broke the firm's own privacy promise and state law.
16. Natural Grocers investigated a card breach
The grocery chain looked into reports of fraud on cards used at its stores across the country. Sources said attackers broke in before Christmas and planted malware on the tills.
17. UK committee called for a new spy agency law
A parliamentary inquiry said the legal framework for the intelligence agencies needed replacing with a single clear act. The report admitted for the first time the scale of bulk interception by GCHQ.
18. EFF and experts urged the Senate to reject CISA
The EFF joined dozens of groups and security researchers in a letter against the data-sharing bill. They warned that it would feed personal data to the NSA under the cover of cybersecurity.
19. Every major browser fell at the Pwn2Own contest
Researchers broke Chrome, Firefox, Internet Explorer and Safari at the annual hacking event in Vancouver. The contest paid out more than half a million dollars for working exploits.
20. Advantage Dental breach exposed 150,000 patients
The Oregon dental firm said malware on a staff computer let an intruder reach its membership database. The stolen records held names, dates of birth, phone numbers, home addresses and Social Security numbers.