, providing potential scammers with plenty of information to utilize in their schemes. These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet, a business service firm. The database contained information that could be of great use to hackers and marketers alike, as it outlined corporate data for businesses within the United States, providing professional details and contact information for members at every level of the businesses included. Dun & Bradstreet released a statement via email in an attempt to remove the firm from any responsibility. According to the firm, there was no evidence of a breach on their systems. The email also pointed out that the leaked data was sold to “thousands” of other companies, and that the leaked data seemed to be six months old. In essence, Dun & Bradstreet’s position was “not our fault,” and that there was little cause for worry, as the list only contained “generally publicly available business contact data.” However, not everyone feels that the responsibility for this event can be passed off so easily, especially considering the nature of the data found on the database. Troy Hunt manages Have I Been Pwned, a data leak alert site that allows a user to reference one of their accounts to determine if their credentials have been compromised. He offered up his own take after reviewing the database for himself. Hunt’s analysis revealed that the organizations with the most records in the database were: The United States Department Of Defense: 101,013; The United States Postal Service: 88,153; AT&T Inc.: 67,382; Wal-Mart Stores, Inc.: 55,421; CVS Health Corporation: 40,739; The Ohio State University: 38,705; Citigroup Inc.: 35,292; Wells Fargo Bank, National Association: 34,928; Kaiser Foundation Hospitals: 34,805; International Business Machines Corporation: 33,412.
If this list alarms you, you have the right idea. In his comments, Hunt brought up a few concerns that he had with the contents of the database being out in public. First of all, this list is essentially a guidebook for someone running a phishing campaign. A resourceful scammer could easily use the information contained in this list (including names, titles, and contact information) to create a very convincing and effective campaign. Furthermore, the most common records in the leaked database were those of government officials and employees. Hunt went so far as to mention which personnel records could be found in the database for the Department of Defense: while “Soldier” was the most common, the list also included “Chemical Engineer” and “Intelligence Analyst” entries. In his response, Hunt asked a very important question: “How would the U.S. military feel about this data - complete with PII [personally identifiable information] and job title - being circulated?” With the very real threat of state-sponsored hacking and other international cyber threats in mind, Hunt brought up the value this list would have to a foreign power that isn’t fond of the U.S. Finally, Hunt cited the chances of this data being recovered to be at a firm “zero” percent. In short, despite the reassurances from Dun & Bradstreet, this database going public could present some very real dangers to any businesses included in it.
Investigators with Hold Security, a Wisconsin-based security consultancy, on Tuesday afternoon discovered an unsecure internal customer service portal for the company's Argentinian operations. The national ID numbers for at least 14,000 Argentinians have been exposed, but the leak could potentially affect tens of thousands more people. The website held thousands of credit-related dispute records, faxes and national identity numbers for Argentinians who had filed complaints. It also stored the usernames and passwords in plaintext for about 100 of the company's customer service representatives. The findings were first reported by cybersecurity blogger Brian Krebs, who notified Equifax. The website has now been shut down. The findings will put further pressure on Equifax, which has been criticized for its haphazard and slow response to a breach that exposed the personal details of 143 million U.S. consumers, as well as an as-yet-unspecified number of British and Canadian residents. Alex Holden, founder and CTO of Hold Security, tells Information Security Media Group that the Equifax website for Argentina “could be exploited by a 3-year-old.” He says he didn't use any advanced hacking techniques to uncover the breach. Holden - a veteran investigator credited with discovering the massive Adobe Systems and Target data breaches in 2013 - says he still found the Equifax findings “completely unexpected and surprising.” Equifax says it acted immediately to halt the leak, which is unrelated to the breach it announced Sept. 7, says Meredith Griffanti, the company's spokeswoman for Latin America. The data was a “limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions,” she says.
“We have no evidence at this time that any consumers, customers, or information in our commercial and credit databases were negatively affected, and we will continue to test and improve all security measures in the region,” Griffanti says.
The Internal Revenue Service (IRS) has said that personal data of nearly 100,000 taxpayers may have been compromised by a breach of its tool to apply for student financial aid, The Chronicle of Higher Education reports. The Free Application for Federal Student Aid (FAFSA) tool was taken offline in March after discovery of suspicious activity, and will be operational only in October. In a statement to the Senate Finance Committee, IRS chief John Koskinen said 35,000 affected people had been notified of the breach and $30 million had been paid for around 8,000 fraudulent tax refunds. The IRS has come under fire for cutting off the tool, and Senator Lamar Alexander of Tennessee urged authorities to “continue to prioritize getting the helpful data-retrieval tool back online quickly with adequate protection for users’ data”. The agency admits being made aware in September last year that FAFSA could be misused by hackers. “To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it,” Koskinen clarified, says The Wall Street Journal.
In what’s becoming a familiar refrain to guests, InterContinental Hotels Group said late last week that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its chains, has disclosed this year. The company acknowledged in February that a credit card breach affected 12 of its hotels and restaurants. In a notice published to its site on Friday the company said a second breach occurred at select hotels between Sept. 29 and Dec. 29 last year. IHG says there’s no evidence payment card data was accessed after that point but can’t confirm the malware was eradicated until two to three months later, in February/March 2017, when it began its investigation around the breach. Like most forms of payment card malware these days, IHG said the variant on their system siphoned track data – customers’ card number, expiration date, and internal verification code – from the magnetic strip of cards as they were routed through affected hotel servers. The hotelier said the first breach also stemmed from malware found on servers used to process credit cards, but from August to December 2016. That breach affected hotels, along with bars and restaurants at hotels, such as Michael Jordan’s Steak House and Bar at InterContinental Chicago and the Copper Lounge at InterContinental Los Angeles. IHG didn’t state exactly how many properties were affected by the second breach but said that customers can use a lookup tool the company has posted to its site to search for hotels in select states and cities. IHG gives a timeline for each property and says hotels listed on the tool “may have been affected.”
A cursory review of hotels in the lookup tool suggests far more than a dozen – more than a thousand – hotels were affected by the malware. IHG says that since the investigation is ongoing the tool may be updated periodically. Some properties, for a reason not disclosed, elected to not participate in the investigation, IHG said. While the company operates 5,000 hotels worldwide, this most recent breach affects mostly U.S.-based chains. One hotel in Puerto Rico, a Holiday Inn Express in San Juan, is the only non-U.S. property that was hit by malware this time around, IHG claims. The company said it began implementing a point-to-point encryption payment solution – technology that can reportedly prevent malware from scouring systems for payment card data – last fall. The hotels that were hit by this particular strain of malware had not yet implemented the encryption technology, IHG claims. The news comes as an IHG subsidiary, boutique hotel chain Kimpton, is fighting a class action court case that alleges the company failed to take adequate and reasonable measures to protect guests’ payment card data. The chain said it was investigating a rash of unauthorized charges on cards used at its locations last summer. It eventually confirmed a breach in late August that involved cards used between Feb. 16, 2016 and July 7, 2016 at nearly all of its restaurants and hotels.
As everyone in TV-land knows, established broadcasters have been losing eyeballs to streaming companies such as Netflix and Amazon and their big-budget “event” shows. The upstarts look unstoppable but might an obscure hacker called The Dark Overlord, previously connected to health sector data extortion, have spotted an important flaw in the model? Last week, Netflix found itself on the receiving end of a ransom demand from the individual or group, making unconfirmed demands in return for not releasing the unseen series 5 of the hit Orange Is the New Black, starring Dascha Polanco, to the web. The company, understandably, refused to play ball and on Saturday reports emerged that a number of episodes had appeared on a popular torrenting service, the name of which it behoves us not to mention for reasons including the high risk of encountering malware. Visiting that resource, we managed to find one file with mention of a “press release” that has since been expunged, including from web caches. It reportedly read: “We’ve decided to release Episodes 2-10 of ‘Orange Is The New Black’ Season 5 after many lengthy discussions at the office where alcohol was present.” Separately, the group’s Twitter feed crowed: “And so let it be read that the loathsome giants do too fall. Hello Netflix, we’ve arrived.” The account threatened the release of material stolen from other media companies, including ABC, National Geographic and Fox. Netflix acknowledged the leak, which it said was caused by a breach at a “production vendor” also used by other TV studios. Netflix is cleverly covering its back by pointing to the level of integration – and vulnerability – in the TV industry, but there is no question the breach still lands at its door.
It’s not clear whether the way streaming services process digital content is that different from, or less secure than, that of established broadcasters, but the minute a show exists in a form that can be copied it becomes vulnerable to theft. The BBC found this out to its cost when an episode of the Russian version of Sherlock found its way on to the internet before it was due to be broadcast. And yet, defying cybersecurity breach orthodoxy, perhaps this particular breach isn’t so bad after all: on Monday, Netflix’s share price even rose. One reason might be that content breaches aren’t the same as ones involving customer data. The latter will cost the victim organisation money, court time and, in most countries, regulatory investigation. A few people watching a Netflix show earlier than normal seems minor by comparison as long as it doesn’t happen too often. Assuming the company patches the hole that let its show be thieved, it’s not stretching it to suggest The Dark Overlord’s leaking could even have given Orange Is the New Black an unintended publicity jump. Presumably that’s not what The Dark Overlord intended, although it’s also possible this has always been about self-regarding publicity as much as simple extortion for money. If so, Netflix is starting to look like the winner on that front too.
A maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, as well as e-mail addresses and password data for more than 800,000 accounts. He said searches using the Shodan computer search engine and other evidence indicated that, between December 25 and January 8, the customer data was accessed multiple times by multiple parties, including criminals who ultimately held the data for ransom. The recordings were available on an Amazon-hosted service that required no authorization to access. The data was exposed by Spiral Toys, maker of the CloudPets line of stuffed animals. The toys record and play voice messages that can be sent over the Internet by parents and children. The MongoDB database of 821,296 account records was stored by a Romanian company called mReady, which Spiral Toys appears to have contracted with. Hunt said that, on at least four occasions, people attempted to notify the toy maker of the breach. In any event, evidence left behind by the ransom demanders made it almost certain company officials knew of the intrusions. Hunt wrote: “It's impossible to believe that CloudPets (or mReady) did not know that firstly, the databases had been left publicly exposed and secondly, that malicious parties had accessed them. Obviously, they've changed the security profile of the system, and you simply could not have overlooked the fact that a ransom had been left. So both the exposed database and intrusion by those demanding the ransom must have been identified yet this story never made the headlines.” The breach is the latest to stoke concerns about the privacy and security of Internet-connected toys.
In November 2015, tech news site Motherboard disclosed the hack of toy maker VTech in a breach that exposed the names, e-mail addresses, passwords, and home addresses of almost 5 million adults, as well as the first names, genders and birthdays of more than 200,000 kids. A month later, a researcher found that an Internet-connected Barbie doll made by Mattel contained vulnerabilities that might allow hackers to intercept real-time conversations. In addition to storing the customer databases in a publicly accessible location, Spiral Toys also used an Amazon-hosted service with no authorization required to store the recordings, customer profile pictures, children's names, and their relationships to parents, relatives, and friends. In Monday's post, Hunt acknowledged the help of Motherboard reporter Lorenzo Franceschi-Bicchierai, who published this report. Oddly enough, for a product with such lax security, the service used the ultra-secure bcrypt hashing function to protect passwords. Unfortunately, CloudPets had one of the most permissive password policies ever. It allowed, for instance, a passcode of the single character “a” or the short keyboard sequence “qwe.” “What this meant is that when I passed the bcrypt hashes into [password cracking app] hashcat and checked them against some of the world's most common passwords ('qwerty,' 'password,' '123456,' etc.) along with the passwords 'qwe' and 'cloudlets,' I cracked a large number in a very short time,” Hunt wrote. The lesson that emerged long ago is that the security of so-called Internet of things products is so poor that it often outweighs any benefit afforded by an Internet-connected appliance.
As the CloudPets debacle underscores, the creep factor involved in Internet-connected toys makes the proposition even worse.
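The bcrypt point above comes down to this: a slow hash cannot protect a password the service should never have accepted. As an added example (not code from the article, from Hunt, or from CloudPets), here is a registration-time screen that would have rejected the passwords the article names; the minimum length, the tiny blocklist and all function names are assumptions made for illustration.

```python
"""Registration-time password screening (added example, not CloudPets code)."""

# Constructed sample blocklist: the weak passwords named in the article.
# A real deployment would load a large breached-password list instead.
COMMON_PASSWORDS = {"qwerty", "password", "123456", "qwe", "cloudlets", "a"}

# Assumption: words tied to the service itself, which users tend to pick.
CONTEXT_WORDS = ("cloudpets", "cloudpet")

# Rows used to spot keyboard walks such as "qwe" or "asdfgh".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

MIN_LENGTH = 12  # assumption: policy value chosen for this example


def is_keyboard_walk(candidate):
    """True if the whole candidate runs along one keyboard row, either direction."""
    s = candidate.lower()
    if len(s) < 3:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def screen_password(candidate, username=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("common_password")
    if is_keyboard_walk(candidate):
        reasons.append("keyboard_walk")
    if candidate and len(set(candidate)) == 1:
        reasons.append("single_char_repeat")
    if any(word in lowered for word in CONTEXT_WORDS):
        reasons.append("contains_service_name")
    # Reject passwords built around the account's own e-mail local part.
    local = username.split("@")[0].lower()
    if len(local) >= 3 and local in lowered:
        reasons.append("contains_username")
    return reasons


if __name__ == "__main__":
    for pw in ("a", "qwe", "cloudlets", "CloudPets2017!!",
               "correct horse battery staple"):
        print(repr(pw), "->", screen_password(pw) or "accepted")
```

The check runs before hashing, so bcrypt only ever stores passwords that survive it.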
The breach indicates even more capable Asian states are struggling to confront cyber threats. On February 28, Singapore’s defense ministry (MINDEF) disclosed that a breach in an Internet-connected system earlier this month had resulted in the personal data of 850 national servicemen and employees being stolen. Though the impact of the breach was quite limited, it nonetheless highlights the difficulties that Singapore faces as it confronts its growing cyber challenge. According to MINDEF, the I-net system used by personnel to access the Internet through terminals at the ministry and other facilities was breached by an attack in early February. While personal data, including identification numbers, phone numbers, and date of birth, were believed to have been stolen during the incident, the ministry said no classified information was compromised because it is stored on a separate system not connected to the Internet. As I have noted before, it has been paying keen attention to the cyber domain as a developed, highly-networked country. Singapore is particularly vulnerable as it relies on its reputation for security and stability to serve as a hub for businesses and attract talent. Indeed, last year, Deloitte found that Singapore was among the five Asian countries most vulnerable to cyber attacks (See: “Singapore Among Most Vulnerable to Cyberattacks in Asia”). In response, Singapore has unveiled a series of initiatives aimed at boosting cybersecurity, including creating new institutions, safeguarding critical infrastructure, training cyber security personnel, and collaborating more with the private sector (See: “Singapore’s Cyber War Gets a Boost”).
And as I noted before, Prime Minister Lee Hsien Loong also outlined Singapore’s overall cybersecurity strategy at the inaugural Singapore International Cyber Week in October last year (See: “Singapore Unveils New ASEAN Cyber Initiative”). Nonetheless, the cyber attack this week is a reminder that even the more capable states in the Asia-Pacific continue to struggle with confronting threats in the cyber realm. This was the first publicly disclosed cyber attack that MINDEF has experienced, and the ministry has described it as “targeted and carefully planned,” with the purpose of gaining access to official secrets. And based on what Singaporean officials have discovered so far, the attack appears to be less like the work of regular hackers and more along the lines of sophisticated state or state-backed actors.