Collaborate Disseminate
Teenage hackers have been making thousands of pounds selling stolen accounts for popular online game Fortnite, it emerged this week. Continue reading Fortnite hackers making a fortune from reselling stolen accounts
Dunkin’ Donuts has alerted customers to a data breach that may impact those who signed up to DD Perks, the company’s loyalty program. The fast-casual restaurant chain learned Oct. 31 that thieves obtained username and password information belonging to Dunkin’ customers via a credential stuffing incident. Those attacks occur when cybercriminals take credential information leaked in other data breaches then plug that data into other sites, targeting users who re-use the same password on multiple sites. “Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’,” the company said in a statement. Compromised information included customers’ first and last names, email addresses, their 16-digit DD Perks account number and the DD Perks QR code. Dunkin’ did not disclose […]
The post Dunkin’ Donuts struck in latest credential stuffing attack appeared first on Cyberscoop.
Continue reading Dunkin’ Donuts struck in latest credential stuffing attack
The donut giant first noticed the attack Oct. 31. Continue reading Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack
The data breach includes names, addresses, transaction histories, account information and more. Continue reading HSBC Data Breach Hits Online Banking Customers
HSBC disclosed a security incident earlier this week, saying that a small number of U.S.-based bank accounts were breached. In a letter template sent to the California Attorney General’s office, the bank said it became aware of online accounts being accessed by unauthorized users between Oct. 4 and Oct. 14. The bank started notifying affected customers on Tuesday. Once the company was made aware of the unauthorized activity, it suspended online account access. “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” a spokesperson for the bank said. “We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts. We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service.” The company says the attackers accessed […]
The post HSBC discloses breach of U.S. bank accounts appeared first on Cyberscoop.
Continue reading HSBC discloses breach of U.S. bank accounts
AdGuard has taken the decision to reset all user accounts after suffering a credential-stuffing and brute-force password attack. Continue reading AdGuard adblocker resets passwords after credential-stuffing attack
Netflix phishing scammers are at it again, sending emails that try to steal sensitive details from subscribers. Continue reading Warning issued as Netflix subscribers hit by phishing attack
Security researcher and privacy advocate Troy Hunt has reported an intriguing incident involving a free, public, and anonymous hosting service. Apparently, a large database containing email addresses, passwords in clear text and partial credit card det… Continue reading Dataset with 42 Million Emails and Passwords Uploaded on Kayo.me
Eight years ago, there wasn’t even a term for the practice of testing consumers’ stolen credentials against multiple e-commerce sites to see if they’ll enable account takeovers (ATOs) and other forms of fraud. Now, the US consumer ban… Continue reading How Much Does Credential Stuffing Cost Your Business?
Over two billion credentials were stolen in 2017 and contributed to the complex problem of credential spills, credential stuffing and account takeover fraud. Continue reading ThreatList: Sizing Up The Scourge of Credential-Stuffing