
The worst security snafus of 2012 - so far

In the first half of this year, mayhem prevailed, from hacker exploits to bad corporate behavior

By , Network World
July 13, 2012 01:03 PM ET

Page 5 of 6

• Automotive manufacturer Nissan admitted that a data breach involving employee user account credentials had occurred, and that it had to spend some time cleaning its network of the malware apparently responsible before disclosing the breach.

• The hacker who stole Facebook's source code, Glenn Mangham of York, England, offered an explanation of why he did it, saying, "I was working under the premise it is sometimes better to seek forgiveness than to ask permission." He said he did little to hide his actions and that even if he got caught, Facebook would let him off the hook. But that didn't happen, and Mangham was sentenced to eight months in prison in February, though the sentence was reduced to four months by an appeals court in April. He said he only had the source code for three weeks, but never had any intention of selling it to anyone who might exploit it for scams, for example. Mangham even made the grandiose claim that his basic good intentions saved Facebook from "potential annihilation."

• Payments processing services company Global Payments acknowledged that up to 1.5 million card numbers had been stolen in a data breach, and in June said it was also investigating whether a server containing merchant applicants' information had been breached. Global Payments said its PCI compliance status had been revoked by some of the card brands because of the breach and it was working to regain it.

May

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not make an extortion payment of $197,000. Elantis confirmed the data breach but said the bank will not give in to extortion threats.

Meanwhile, Anonymous claimed it hacked a U.S. Department of Justice website server tied to the U.S. Bureau of Justice Statistics and claimed to release 1.7GB of stolen data from it, with the statement, "We are releasing it to end the corruption that exists, and truly make those who are being oppressed free." The data was offered on The Pirate Bay.

And then Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for Google Chrome. Axis is a new search and browsing tool from Yahoo. Security blogger Nik Cubrilovic discovered the package included the private crypto key used by Yahoo to sign the extension, noting it offered a malicious attacker the ability "to create a forged extension that Chrome will authenticate as being from Yahoo." Yahoo was forced to release a new version of its Axis extension for Google Chrome after that.

June

The University of Nebraska in Lincoln acknowledged a data breach that exposed more than 654,000 files of personal information on students and employees, plus parents and university alumni. The information was stolen from the Nebraska Student Information Systems database; a student is the suspected culprit.

Other June snafus:

• Hacker gang Swagger Security strikes again, this time breaching the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials. The group said it notified China Telecom of the hack by planting a message in the company's network. "Fortunately for them, we did not destroy their infrastructure and rendered [stet] millions of customers without communications," Swagger Security, also known as SwaggSec, said in a note.
