hackers 4 bitcoin or about $47,000 to unlock its network on Saturday, after the health system fell victim to a ransomware attack on Thursday night. Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware. The virus infected a number of the hospital’s IT systems and, according to local reports, the malware targeted over 1,400 files and changed the name of each to “I’m sorry.” Hancock officials followed its incident response and crisis management plan and contacted legal representation and an outside security firm immediately following the discovery of the attack. Hospital leadership also contacted the FBI for advisory assistance. The incident was contained by Friday and officials said the next focus was recovery. Hancock Health was given just seven days to pay the ransom. While officials said Hancock could have recovered the affected files from backups, it would have taken days or possibly weeks to do so. And it would have been more expensive. “We were in a very precarious situation at the time of the attack,” Hancock Health CEO Steve Long said in a statement. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.” Hackers released the files early Saturday after they retrieved the bitcoins. The hospital’s critical systems were restored to normal function on Monday.
The forensic analysis found patient data was not transferred outside of the hospital’s network, and the FBI confirmed the motivation for SamSam hackers is ransom payment, not to harvest patient data. The virus did not impact any equipment used to treat patients. However, the hospital’s patient portal was down during the security incident. After recovery, officials asked employees to reset passwords and implemented a security feature that could detect similar attacks in the future. The breach should serve as a wake-up call that ransomware attacks can happen. However, it’s important to note the FBI, the U.S. Department of Health and Human Services and a laundry list of security experts have long stressed that organizations should not pay ransoms to hackers. While the hackers returned the files to Hancock, there was no guarantee that would happen. For example, Kansas Heart Hospital paid a ransom in May 2016, and the hackers kept the files and demanded another payment. The hospital declined to pay a second time. Secondly, when an organization pays, hackers place the business on a list of those willing to pay the ransom, and it can expect to be hit again in the future. “There are lists out there, if you pay once, you may end up having to pay again because you’ve been marked as an organization that will pay,” said CynergisTek CEO Mac McMillan.
JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach that affected 19 different companies. “We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public, including ours,” the email says. According to website haveibeenpwned.com, 3,883,455 JobStreet accounts were affected by the breach. It says the information was freely downloadable on a Tor hidden service. The breach also affected more than 46 million Malaysian users and several telecommunications companies. Telecommunications providers caught by the breach include Altel, Celcom, DiGi, EnablingAsia, Friendi, Maxis, Merchantrade Asia, PLDT, Redtone, Tunetalk, Umobile and XoX, reports suggest. It also affected organisations such as the Academy of Medicine Malaysia, the Malaysian Dental Association, the Malaysian Medical Association, and the National Specialist Register of Malaysia. Reports speculate that more than 81,000 records were stolen from these organisations. “Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed. To help protect our customers, the team is continuously enhancing our security measures for all user information stored with JobStreet.com,” JobStreet CEO Suresh Thiru says in an email. According to media reports, that personal information includes identity card numbers, addresses, login IDs, passwords, names, emails and phone numbers. Haveibeenpwned.com also notes that on JobStreet, dates of birth, genders, geographic locations, marital statuses, nationalities and usernames were also compromised.
The Malaysian Communications and Multimedia Commission (MCMC) may have discovered the possible source of the data leaks, according to Malaysian Communications Minister Salleh Said Keruak. "We have identified several potential sources of the leak and we should be able to complete the probe soon," he announced.
Wishbone, the social media-based quiz app for teens and young adults, has been compromised, leading to more than 9.4 million records going up for sale on the Dark Web. The breach gave the attackers access to Wishbone users’ user names, any real or nicknames provided by users during account registration, email addresses and telephone numbers, according to an email sent by the company to users, posted to Pastebin. According to independent researcher Troy Hunt, the database was a MongoDB file that may have been inadvertently left open to the internet. The leak may have stemmed from a vulnerability in a Wishbone API, the company confirmed to Motherboard—one that the company has now closed, it said. Parents should look through the settings of Wishbone, and any other app their children are using, to see if any personal information is stored in them. And, having a talk with kids about the dangers of exposing information should be at the top of the to-do list. Hunt has also published the leak to his searchable HaveIBeenPwned database, so parents can find out if their child is a victim. “Teenagers today are constantly connected and sharing all aspects of their daily life is normal as there is a lot of peer pressure to participate in social apps,” said Sanjay Kalra, co-founder and chief product officer at Lacework, a provider of cloud security solutions. “Being a parent of [a] teenager in this hyper-social environment is a scary aspect. You cannot control information once exposed. Parents should be in constant communication with their teenagers, explaining the risks associated with information sharing and training them on basics of internet security.
They should be educating them on how to use multiple strong passwords, anonymization of the data and identities and long-term effects of having personal aspects of life in public domain.”
On April 14, the company disclosed to the California attorney general that a December 2015 breach compromised more sensitive information than first thought. It also disclosed new attacks from earlier this year that exposed names, contact information, email addresses and purchase histories, although the retailer says it repelled most of the attacks. The dual notifications mark the latest problems for the company, which disclosed in early 2014 that its payment systems were infected with malware that stole 350,000 payment card details. Over the past few years, retailers such as Target, Home Depot and others have battled to keep their card payments systems malware-free (see Neiman Marcus Downsizes Breach Estimate). The 2015 incident started around Dec 26. In a notification to California about a month later, the retailer said it was believed attackers cycled through login credentials that were likely obtained through other data breaches. A total of 5,200 accounts were accessed, and 70 of those accounts were used to make fraudulent purchases. Although email addresses and passwords were not exposed, the original notification noted, access to the accounts would have revealed names, saved contact information, purchase histories and the last four digits of payment card numbers. The affected websites included other brands run by Neiman Marcus, including Bergdorf Goodman, Last Call, CUSP and Horchow. According to its latest notification, however, Neiman Marcus Group now says full payment card numbers and expiration dates were exposed in the 2015 incident. The latest attack disclosed by Neiman Marcus Group, which occurred around Jan 17, mirrors the one from December 2015.
It affects the websites of Neiman Marcus, Bergdorf Goodman, Last Call, CUSP, Horchow and a loyalty program called InCircle. Again, the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites. It appears that some of the credentials did unlock accounts. The breach exposed names, contact information, email addresses, purchase histories and the last four digits of payment card numbers. It didn't specify the number of accounts affected. The attackers were also able to access some InCircle gift card numbers, the company says. Web services can slow down hackers when suspicious activity is noticed, such as rapid login attempts from a small range of IP addresses. Those defensive systems can be fooled, however, by slowing down login attempts and trying to plausibly geographically vary where those attempts originate. For those affected by the January incident, Neiman Marcus Group is enforcing a mandatory password reset. It's an action that's not undertaken lightly for fear of alienating users, but it's a sign of how serious a service feels the risk is to users or customers. The company also is offering those affected a one-year subscription to an identity theft service.
TORONTO, April 19 (Reuters) - Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data. The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc. The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties. The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said. Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. "They don't have massive data centers like banks which have very secure systems to protect themselves," said Glick. InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties. In February, InterContinental said it had been victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone. Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details. The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices. According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.
"Cellebrite recently experienced unauthorized access to an external web server," the company said in a statement on Thursday after Motherboard informed it of the breach. "The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system," the statement continues. Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation. Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker. "To be honest, had it not been for the recent stance taken by Western governments no one would have known but us," the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation. In 2014 a hacker calling themselves "PhineasFisher" publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company. Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.
Email addresses, passwords and IP addresses were exposed. The breach, which took place in September 2015 but was only recently disclosed, compromised email addresses, passwords and IP addresses, the Daily Mail reports. The hacker's likely aim was to profit financially from the stolen information. "Data breaches are often sold via darkweb sites or within closed trading circles," Hunt told the Daily Mail. Still, Willy Leichter, vice president of marketing at CipherCloud, told eSecurity Planet by email that while the attack targeted gaming forums, any large scale breach like this should concern businesses as well. "Users often use common passwords, security questions, or personal email addresses to access personal and work-related systems, making it easier for hackers to break into corporate networks and steal massive amounts of data," he said. And while all users are being advised to change their passwords, Jeff Hill, director of product management at Prevalent, said it may be too late to make a difference. "The initial breach occurred in September 2015, giving the attackers 17 months to operate undetected, more than enough time to find and exfiltrate enough data to profit greatly from their efforts," he said. "At this point, it’s not even clear the breach was actually detected -- possibly the attackers simply [wrung] as much return as possible out of their theft, and simply discarded the remaining useless data," Hill added.
The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts. The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. "Absolutely not," said Mark Meyers, CEO of the company. Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets' database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post. The incident underscores the danger with connected devices, including toys, and how data passing through them can be exposed, he added. In the case of CloudPets, the brand allegedly made the mistake of storing the customer information in a publicly exposed online MongoDB database that required no authentication to access. That allowed anyone, including hackers, to view and steal the data. On the plus side, the passwords exposed in the breach are hashed with the bcrypt algorithm, making them difficult to crack. Unfortunately, CloudPets placed no requirement on password strength, meaning that even a single character such as letter "a" was acceptable, according to Hunt, who was given a copy of the stolen data last week. As a result, Hunt was able to decipher a large number of the passwords, by simply checking them against common terms such as qwerty, 123456, and cloudpets.
"Anyone with the data could crack a large number of passwords, log on to accounts and pull down the voice recordings," Hunt said in his blog post. Security researcher Victor Gevers from the GDI Foundation said he also discovered the exposed database from CloudPets and tried to contact the toy maker in late December. However, both Gevers and Hunt said the company never responded to their repeated warnings. On Monday, California-based Spiral Toys, which operates the CloudPets brand, claimed the company never received the warnings. "The headlines that say 2 million messages were leaked on the internet are completely false," Meyers said. His company only became aware of the issue after a reporter from Vice Media contacted them last week. "We looked at it and thought it was a very minimal issue," he said. A malicious actor would only be able to access a customer's voice recording if they managed to guess the password, he said. "We have to find a balance," Meyers said, when he addressed the toy maker's lack of password strength requirements. He also said that Spiral Toys had outsourced its server management to a third-party vendor. In January, the company implemented changes MongoDB requested to increase the server's security. Spiral Toys hasn’t been the only company targeted. In recent months, several hacking groups have been attacking thousands of publicly exposed MongoDB databases. They’ve done so by erasing the data, and then saying they can restore it, but only if victims pay a ransom fee. In the CloudPets incident, different hackers appear to have deleted the original databases, but left ransom notes on the exposed systems, Hunt said. Although the CloudPets’ databases are no longer publicly accessible, it appears that the toy maker hasn’t notified customers about the breach, Hunt said.
The danger is that hackers might be using the stolen information to break into customer accounts registered with the toys. But Meyers said the company found no evidence that any hackers broke into customer accounts. To protect its users, the company is planning on a password reset for all users. "Maybe our solution is to put more complex passwords," he said.