The worst security SNAFUs this year (so far!)

Ellen Messmer | July 16, 2014
From denial-of-service attacks to cyber-espionage to just plain old human flubs, network security SNAFUs abound.

Coca-Cola said a former employee in Atlanta stole 55 laptops that contained unencrypted personal information on about 74,000 people, most of them Coca-Cola employees. The company didn't say how it had regained the laptops but acknowledged to the Wall St. Journal that, although company policy requires laptops to be encrypted, these stolen laptops weren't.

AOL said a cyberattack had compromised customer e-mail accounts, possibly tens of millions of them, and urged AOL users to change their passwords.

Canadian police arrested a 19-year-old man for allegedly exploiting the Heartbleed Bug to steal data about taxpayers. They said Stephen Arthuro Solis-Reyes of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, including Social Insurance Numbers for about 900 people there.

After months investigating a data breach of its payment system, Michaels art and crafts store chain said information on 3 million payment cards from customers was compromised. Plus, at a subsidiary, Aaron Brothers art and framing stores, 400,000 customer payment records were compromised.

The Heartbleed Bug, a flaw found in some versions of OpenSSL code, set off a worldwide stampede to update vulnerable servers and other gear. But there were some missteps along the way. Akamai Technologies, whose network handles up to 30% of all Internet traffic, said it was re-issuing all SSL certificates and security keys used to create encrypted connections between its customers' websites and visitors to those sites after a researcher found fault in custom code the company thought had shielded most of its customers from the Heartbleed Bug.


Government prosecutors named 27-year-old Nicholas Knight, a former Navy systems administrator assigned to the nuclear reactor of an aircraft carrier, as the leader of an antigovernment hacking group called team Digi7AL, which allegedly broke into networks of more than 30 governments, companies and individuals two years ago to steal personal information about employees and customers. Knight had been discharged from the Navy after prosecutors accused him of trying to hack into a Navy database while on board the USS Harry S. Truman.

eBay informed the public that hackers had stolen about 145 million user names and encrypted e-mail addresses from its databases, and recommended that eBay users immediately change their passwords.

A suspected Iranian hacker group seeded Facebook and LinkedIn with bogus profiles of attractive women and even created a fake online news organization to get digitally close to more than 2,000 people whom it wanted to spy on. Once the group had befriended its targets through the fake profiles, the targets were emailed malicious links designed primarily to steal email account credentials, according to details provided by security consultancy iSight Partners.

Cloud provider Joyent suffered an outage after an administrator made an operational error in simultaneously re-booting all the virtual servers hosted in the company's US-East-1 data center. About an hour later, they were back online, and Bryan Cantrill, the CTO there, said Joyent would now do a "postmortem" on the incident to find out "how this was architecturally possible."

