Data Breach Ripples: Week of April 03

Posted by Zach Walker on Apr 3, 2015 1:30:00 PM
Find me on:

DBR-Email-Header-4215

In this week's issue: various Dark Net sites are selling thousands of Uber passwords, the U.S. Justice Department wants power to fight U.S. card fraud abroad, business communications app Slack suffers a data breach, President Obama declares cyberattacks a national emergency and this week we're proud to introduce our latest white paper on EMV adoption in the U.S.

DARK NET SITES SELLING THOUSANDS OF UBER PASSWORDS, COMPANY DENIES DATA BREACH

After reports emerged that thousands of user log-in credentials for Uber’s mobile app were for sale on various underground marketplaces, Uber has denied that it was the victim of a data breach. First reported by Motherboard, active username and passwords were listed for sale for as little as $1 per account. Uber’s mobile app currently shows only the last four digits and expiration date of a user credit or debit card when logged in.

However, with unauthorized access to a user’s account, fraudsters can view a user’s entire trip history and with that, potentially gain additional personal information such as a home address. Fraudsters can then use the stolen login info to order rides on the user’s dime.

JUSTICE DEPARTMENT WANTS POWER TO FIGHT U.S. CARD FRAUD ABROAD

In a blog post written by The United States Department of Justice’s Criminal Division, discusses the need for additional power to fight cybercriminals and payment card fraud abroad. Currently, the U.S. Justice Department is only able to prosecute cybercriminals if they can prove that stolen payment cards are sold in the U.S. or that the seller of the cards keeps illicit profits in bank here in the United States.

If the current law were to be amended, the United States would be able to prosecute anyone who is in possession of stolen credit and debit cards issued by U.S. financial institutions, regardless of where the payment cards are being stored.

SLACK'S DATA BREACH MAY BE WORSE THAN IT'S LETTING ON

In case you missed it, business communication app Slack reported that the company had suffered a data breach. In a blog post on Slack’s website, the user database that was accessed contained user names, email addresses, phone numbers, Skype IDs and one-way encrypted passwords.

However, many security experts believe that Slack’s data breach may end up having a larger impact on its users. Even with encrypted passwords, cybercrimnals will still be able to break the encryption. Fraudsters can then use the stolen credentials to test for user accounts on other websites.

Slack users who reuse passwords on other websites could be at higher risk for additional compromises and should change passwords to avoid further issues.

PRESIDENT OBAMA DECLARES CYBERATTACKS A 'NATIONAL EMERGENCY'

On Wednesday, President Obama declared that the increasing number of cyberattacks targeting U.S. businesses and consumers is a national emergency and has issued an executive order to allow sanctions on the responsible parties of the attacks.

With the number of data breaches in the U.S. increasing by 27.5% in the past year, the White House has issued a response to security breaches. The president’s executive order will give power to the U.S. Treasury Department to impose sanctions on individuals or entities that are behind cyberattacks, essentially freezing any assets of the indicted criminals.

RIPPLESHOT CONTENT: EMV ADOPTION IN THE U.S. WHITE PAPER

We’re excited to share with you our latest white paper, EMV Adoption In The U.S. As more and more consumers in the United States are introduced to chip and PIN (EMV) cards, we take an in-depth look at the pros and cons of EMV-compliant cards.

We’ll cover everything from the expected drop in card present fraud after U.S. implementation, to EMV’s impact in Europe and abroad.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.

 

New Call-to-action  

Topics: Data Breach Ripples