http://www.usatoday.com/story/tech/personal/2014/08/05/russian-gang-stolen-passwords/13639285/

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0

Web sites haven't been named publically yet. Probably a good idea to once again change passwords.

It makes complete sense... Over the past 2-3 months I have experienced at least 4 fraudulent charges on 4 different cards. Plus, I know of at least 5 more cases of people close to me.

Nuts

Sent from my iPhone using Brickpicker

Wow! It makes sense, but wow! Looks like a lot of my passwords are going to change today.

Martin,

I'm in IT Mgt. Specially the integration side (connecting systems to systems both internally and externally) using TIBCO and Informatica. Thus, I know a lot about DBs, encryption, app server software, security certs, etc...

Thus I know what is involved and the last year of data breaches SCARE me. My wife and I have started using cash more and more.

Back in the 2000s, the majority of hackers did what they wanted for publicity among their peers.

Today's hackers seem to be in it for money and street cred is secondary. Hacking truly turned into organized crime.

The vast majority of web sites are not secure. The hackers are just too good.

Sent from an iPhone using the Brickpicker app

With perfect timing, one of the friends that experienced fraud around a month ago just told me it happened again today....

Sent from my iPhone using Brickpicker

Such great news.    This is ridiculous anymore. Thank for the info jaisonline. 

1.2b passwords / 420k sites = ~3000 passwords per site. Sounds like they were hitting the tiny mom and pop sites via script. This isnt surprising even in 2014, SQL injection is still #1:

 

https://www.owasp.org/index.php/Top_10_2013-Top_10

Martin,

I'm in IT Mgt. Specially the integration side (connecting systems to systems both internally and externally) using TIBCO and Informatica. Thus, I know a lot about DBs, encryption, app server software, security certs, etc...

Thus I know what is involved and the last year of data breaches SCARE me. My wife and I have started using cash more and more.

Back in the 2000s, the majority of hackers did what they wanted for publicity among their peers.

Today's hackers seem to be in it for money and street cred is secondary. Hacking truly turned into organized crime.

The vast majority of web sites are not secure. The hackers are just too good.

Sent from an iPhone using the Brickpicker app

 

As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about.  The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically.

As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about.  The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically.

 

I switched from using a debit card to a credit card for this reason. The points are just a token bonus. It also prevents direct access to the money.

As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about.  The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically.

 

i know. but it's not that simple anymore

 

identity theft is the bigger prob.

 

the recent data breaches (including target and experion) have hackers (and the buyers of the data) opening MC and VISA credit cards using the stolen information.  it was just a matter of time the stolen encrypted data was decrypted. 

 

sure, we won't be liable for the purchases but the more serious issue at hand is once "secured" personal data is now available for those who can buy it.  fixing matters like that is a mess using the 3 credit bureaus.  some folks (regardless if the % is low) will ultimately need to change their SS# which is a MAJOR headache.

 

personally, i think many companies have greatly misused our SS#s.  seriously, do companies like AT&T and Comcast really need our SS# to offer us their services / products?   we are prob getting to the point that people will need another unique identifier to replace SS#s.

Could this be related to Ebay making us change passwords a month ago?

Could this be related to Ebay making us change passwords a month ago?

not sure yet.  we need company names to be released.  it appears many global DB servers were compromised.  i think companies won't come forward until their internal (tech and legal) investigations are complete.

 

i hope the breach is smaller / less serious than reported...

Thank you for this jaisonline. Looks like I will be changing many passwords today.

1.2b passwords / 420k sites = ~3000 passwords per site. Sounds like they were hitting the tiny mom and pop sites via script. This isnt surprising even in 2014, SQL injection is still #1:

 

https://www.owasp.org/index.php/Top_10_2013-Top_10

I think we all know what kind of "mom and pop" sites were mostly affected... 

As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about.  The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically.

For the individual consumer, definitely correct. But the bigger problem is these companies will have to recover their lost money.....somehow. Either by all credit card companies going to a fee system for consumers, or businesses raising prices.

i know. but it's not that simple anymore

 

identity theft is the bigger prob.

 

the recent data breaches (including target and experion) have hackers (and the buyers of the data) opening MC and VISA credit cards using the stolen information.  it was just a matter of time the stolen encrypted data was decrypted. 

 

sure, we won't be liable for the purchases but the more serious issue at hand is once "secured" personal data is now available for those who can buy it.  fixing matters like that is a mess using the 3 credit bureaus.  some folks (regardless if the % is low) will ultimately need to change their SS# which is a MAJOR headache.

 

personally, i think many companies have greatly misused our SS#s.  seriously, do companies like AT&T and Comcast really need our SS# to offer us their services / products?   we are prob getting to the point that people will need another unique identifier to replace SS#s.

 

 

Unfortunately, yes. These types of services require a credit check before service is established. Not saying I agree with it, but cable and utility companies run your credit before establishing service.