over the last two years that may have compromised customer and credit card information. In a breach disclosure letter filed with the State of California, OXO said that the data security incident involved “sophisticated criminal activity that may have exposed some of your personal information.” The attacker is believed to have accessed credit card information, along with names and billing and shipping addresses, though the letter does not state the scope of impact. “On December 17, 2018, OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website (https://www.oxo.com) may have been compromised. We currently believe that information entered in the customer order form between June 9, 2017 – November 28, 2017, June 8, 2018 – June 9, 2018, July 20, 2018 – October 16, 2018 may have been compromised. While we believe the attempt to compromise your payment information may have been ineffective, we are notifying you out of an abundance of caution.” OXO is currently working with security consultants and forensic investigators, who are looking at past vulnerabilities in the website as part of an ongoing investigation of the incident. Additionally, the company has taken measures to secure its site to prevent future incidents. “This latest breach underscores the importance of 24/7 security monitoring,” said Matan Or-El, CEO of Panorays. “With the new year upon us, companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised. We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals.”
OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identity monitoring services to its customers.
HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information. In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com. HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat “salted” each password with a random value before hashing it. HipChat warned that chat room data including the room name and topic may have also been exposed. But no financial or credit information was taken, the company said. HipChat is a popular messaging service used among enterprises, and an attack that exposed sensitive work-related chats could cause significant harm. The service, which is owned by Atlassian, said it detected the security incident last weekend. It affected a server in the HipChat Cloud and was caused by a vulnerability in an unnamed, but popular, third-party library that HipChat.com used, the company said. No other Atlassian systems were affected, the company said. “We are confident we have isolated the affected systems and closed any unauthorized access,” HipChat said in its blog post. This is not the first time the messaging service has faced problems keeping accounts secure.
In 2015, HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen from less than 2 percent of its users. When breaches occur, security experts advise users to change their passwords for any accounts where they used the same login information. Users can consider using a password manager to help them store complex, tough-to-memorize passwords. HipChat has already sent an email to affected users, informing them of the password reset. In 2015, rival chat application Slack reported its own breach, and as a result rolled out two-factor authentication to beef up its account security. HipChat does not offer two-factor authentication.
Yahoo’s board has blamed unnamed senior executives and its legal team for failing to properly investigate a 2014 security incident which saw 500 million user accounts stolen by state-sponsored attackers. In a lengthy SEC filing, the board claimed that in late 2014 the firm’s security team notified of targeted attacks against 26 users, who were subsequently informed, and law enforcement consulted. It continued: “While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team. Specifically, as of December 2014, the information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team”. Subsequent cookie forging activity by the same state actor in 2015 and 2016 was also not investigated. That activity is now said to have exposed the accounts of 32 million users. The revelations would seem to indicate a massive disconnect between IT security and the business at Yahoo – perhaps one of the reasons why former CISO Alex Stamos left for Facebook in 2015. It should be a cautionary tale for businesses everywhere, as the fallout continues. General counsel and secretary, Ronald Bell, will leave the company as a result of the investigation with no severance pay, and CEO Marissa Mayer will not receive a cash bonus for 2016. She has also agreed not to receive her 2017 annual equity award – which is said to be more than $10m.
The firm revealed it has already recorded $16m in losses related to the 2013 and 2014 breaches – “of which $5 million was associated with the ongoing forensic investigation and remediation activities and $11 million was associated with nonrecurring legal costs”. Also, it is expecting to incur further “investigation, remediation, legal, and other expenses” going forward. A large portion of this could come from the 43 consumer class action lawsuits which have since been instigated against the firm, with possibly more to come. However, frustratingly, there was no more information on the 2013 breach of one billion user accounts, with the filing only saying the following: “We have not been able to identify the intrusion associated with this theft, and we believe this incident is likely distinct from the 2014 Security Incident”. The internet pioneer last week agreed a $350m cut in its asking price with Verizon, which will look to wrap up its M&A deal soon