The world governing body of track and field said Monday that it was the victim of a cyberattack carried out by the infamous Fancy Bear hacking group . The International Association of Athletics Federations ( IAAF ) said the hack Attack.Databreach had `` compromised Attack.Databreach athletes ' Therapeutic Use Exemption ( TUE ) applications stored on IAAF servers . '' However , `` it is not known if this information was subsequently stolen Attack.Databreach from the network . '' The Fancy Bear website and Twitter account bore no mention of the hacks Monday morning . TUEs are special exemptions given to athletes that allow them to take otherwise banned substances if they have a specific medical need . A statement on the IAAF website said : `` The presence of unauthorized remote access Attack.Databreach to the IAAF network by the attackers was noted on 21 February where meta data on athlete TUEs was collected Attack.Databreach from a file server and stored in a newly created file . '' While the IAAF did not know if that data was eventually taken , it said there was “ a strong indication of the attackers ’ interest and intent. ” Fancy Bear was responsible for a hack that targeted the World Anti-Doping Agency ( WADA ) last year , subsequently revealing what it said were TUEs granted to a host of U.S. Olympics stars . NBC News reported details of the suspected hack Attack.Databreach of WADA files in August saying it was part of the same covert influence campaign by Russian President Vladimir Putin 's government to target the U.S. government , political organizations and others and potentially disrupt the November election . U.S. officials have also previously linked Fancy Bear to GRU , the Russian military intelligence agency . However , Russian officials denied playing any role in the various hacks attributed to Fancy Bear . The IAAF said athletes who have applied for TUEs since 2012 have been contacted . It added that it had since carried out a `` complex remediation across all systems and servers in order to remove the attackers ’ access to the network . '' IAAF President Sebastian Coe also weighed in . `` Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential , '' he said . `` They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world ’ s best organizations to create as safe an environment as we can . ''

The OurMine hackers are back in the news again . This time the group hacked and defaced the official domain of Unity 3D Forums leaving a deface page along with a note over the weekend . The hack which took place on 30th April allowed the Saudi Arabia-based OurMine hacking group to compromise the forum ’ s security and leave a note stating “ Hacked by OurMine , Your Security is low. ” Unity 3D administrators have acknowledged the hack Attack.Databreach but stated that no password was stolen Attack.Databreach in the attack Attack.Databreach and that the 2FA Authentication will be introduced to the forums for better security . Furthermore , the administrators are also planning to bring Device Identification and Password Policy on the forums . According to the official statement from Unity 3D : Thanks to everyone that have reached out about our forums being compromised – we are on it ! — Unity ( @ unity3d ) April 30 , 2017 One of the team members from Unity stated on Reddit that : After the hack , the Unity 3D forums was down for maintenance though at the time of publishing this article the forums were online and reachable . However , if you have an account on Unity 3D forums it is advised that you change your password . Just in case if you are not familiar with the OurMine then this is the same group who conducted the biggest hack in YouTube ’ s history last month by taking over hundreds of popular YouTube accounts and defacing their titles with # OurMine signature . The same group was in the news for hacking Google ’ s CEO Sundar Pichai , Facebook ’ s CEO Mark Zuckerberg , Co-founder of Twitter Jack Dorsey and several other top media celebrities and news outlets . It is unclear how OurMine hacks Attack.Databreach its victims but researchers believe that the group uses passwords stolen Attack.Databreach from previous data breaches Attack.Databreach including LinkedIn and MySpace . The group is also working on establishing itself as an IT security firm to help companies against cyber attacks , however , it is unclear whether such tactics will give them clients or scare them away . DDoS attacks are increasing , calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator .

According to Darin Stanchfield , KeepKey founder and CEO , the attack took place on Christmas Day , December 25 , when an unknown attacker had activated a new phone number with Stanchfield 's Verizon account . This allowed the attacker to request a password reset for his Verizon email account , but receive the password reset details on the newly activated phone number . A few minutes later , the attacker had taken over Stanchfield 's email account and proceeded to request password resets for several services where the KeepKey founder had used that email address to register profiles . In no time , the attacker had taken over several of Stanchfield 's accounts on other sites , such as KeepKey 's official Twitter account , and several of KeepKey 's side services , such as accounts for sales distribution channels and email marketing software . In less than an hour after the attack started , the KeepKey CEO had discovered what happened and started working with his staff to regain access to the hijacked accounts , while also blocking the intruder from reaching other KeepKey services . The attacker also contacted the KeepKey staff , offering to provide details about how he hacked Attack.Databreach the Verizon email account and what he stole Attack.Databreach . The attacker had also promised to return the stolen data and keep quiet about the hack Attack.Databreach if KeepKey would agree to pay Attack.Ransom him 30 Bitcoin ( ~ $ 30,000 ) . Instead of paying the ransom demand Attack.Ransom , the KeepKey team managed to stall the attacker for two more hours , during which time they regained access to all but one account , the company 's Twitter profile . Since the night of the hack , the company has filed a complaint with the FBI and is now offering the 30 Bitcoin ransom Attack.Ransom as a reward for any clues that lead to the attacker 's arrest . KeepKey was adamant about the attacker not being able to access any of its customers ' Bitcoin access keys stored on its devices . KeepKey is known in the Bitcoin market for manufacturing hardware devices that allow users to store the access keys used to authenticate on Bitcoin wallets . The device , which is a modified USB storage unit , works offline and the keys on it can be accessed only with physical access to the device . In the Christmas security breach , the attacker would have only managed to steal Attack.Databreach home addresses , emails , and phone numbers from users that have bought KeepKey devices in the past , and not the content of those devices . It is unknown at the time of writing if the attacker used the access over these accounts to steal Attack.Databreach any KeepKey customer data . Nevertheless , as a precautionary measure , the company is offering a 30-day refund policy to all customers that had their details stored in the sales distribution channels and email marketing software accounts that the attacker managed to gain access Attack.Databreach to . At the start of December , someone had taken over the mobile number of Bo Shen , the founder of Bitcoin venture capital firm Fenbushi Capital , and had stolen at least $ 300,000 worth of Augur and Ether cryptocurrency . Two weeks later , the same hacker took over a mobile number for one of the Ethereum Project 's admins and used it to reset the passwords for various accounts , eventually downloading a copy Attack.Databreach of Ethereum forum database backup , dated to April 2016 . At the time of writing , there are no clues that link the first two attacks with the security breach at KeepKey , despite the similar hacking methods

A maker of Internet-connected stuffed animal toys has exposed Attack.Databreach more than 2 million voice recordings of children and parents , as well as e-mail addresses and password data for more than 800,000 accounts . He said searches using the Shodan computer search engine and other evidence indicated that , since December 25 and January 8 , the customer data was accessed Attack.Databreach multiple times by multiple parties , including criminals who ultimately held the data for ransom Attack.Ransom . The recordings were available on an Amazon-hosted service that required no authorization to access . The data was exposed Attack.Databreach by Spiral Toys , maker of the CloudPets line of stuffed animals . The toys record and play voice messages that can be sent over the Internet by parents and children . The MongoDB database of 821,296 account records was stored by a Romanian company called mReady , which Spiral Toys appears to have contracted with . Hunt said that , on at least four occasions , people attempted to notify the toy maker of the breach Attack.Databreach . In any event , evidence left behind by the ransom demanders made it almost certain company officials knew of the intrusions Attack.Ransom . Hunt wrote : It 's impossible to believe that CloudPets ( or mReady ) did not know that firstly , the databases had been left publicly exposed Attack.Databreach and secondly , that malicious parties had accessed Attack.Databreach them . Obviously , they 've changed the security profile of the system , and you simply could not have overlooked the fact that a ransom had been left Attack.Ransom . So both the exposed database Attack.Databreach and intrusion Attack.Ransom by those demanding the ransom Attack.Ransom must have been identified yet this story never made the headlines . Further ReadingInternet-connected Hello Barbie doll gets bitten by nasty POODLE crypto bugThe breach is the latest to stoke concerns about the privacy and security of Internet-connected toys . In November 2015 , tech news site Motherboard disclosed the hack Attack.Databreach of toy maker VTech in a breach Attack.Databreach that exposed Attack.Databreach the names , e-mail addresses , passwords , and home addresses of almost 5 million adults , as well as the first names , genders and birthdays of more than 200,000 kids . A month later , a researcher found Vulnerability-related.DiscoverVulnerability that an Internet-connected Barbie doll made by Mattel contained vulnerabilities that might allow hackers to intercept real-time conversations . In addition to storing the customer databases in a publicly accessible location , Spiral Toys also used an Amazon-hosted service with no authorization required to store the recordings , customer profile pictures , children 's names , and their relationships to parents , relatives , and friends . In Monday 's post , Hunt acknowledged the help of Motherboard reporter Lorenzo Franceschi-Bicchierai , who published this report . Oddly enough , for a product with such lax security , the service used the ultra-secure bcrypt hashing function to protect passwords . Unfortunately , CloudPets had one of the most permissive password policies ever . It allowed , for instance , a passcode of the single character `` a '' or the short keyboard sequence `` qwe . '' `` What this meant is that when I passed the bcrypt hashes into [ password cracking app ] hashcat and checked them against some of the world 's most common passwords ( 'qwerty , ' 'password , ' '123456 , ' etc . ) along with the passwords 'qwe ' and 'cloudlets , ' I cracked a large number in a very short time , '' Hunt wrote . Further ReadingHow to search the Internet of Things for photos of sleeping babiesThe lesson that emerged long ago is that the security of so-called Internet of things products is so poor that it often outweighs any benefit afforded by an Internet-connected appliance . As the CloudPets debacle underscores , the creep factor involved in Internet-connected toys makes the proposition even worse