Blog

Malware-Driven Card Breach at Hyatt Hotels

Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations. Hyatt’s notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data stolen as a result. Hyatt did say that it has taken steps to strengthen its systems, and that “customers can feel confident using payment cards [...]

Expect Phishers to Up Their Game in 2016

Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device. According to TechCrunch, Google is giving select Gmail users a password-free means of signing in. It uses a “push” notification [...]

Oracle, LifeLock Settle FTC Deception Charges

The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers about security. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle’s legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software. The FTC sued Oracle over years of [...]

Password Thieves Target E-Giftcard Firm Gyft

Digital gift card retailer Gyft has forced a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. Mountain View, Calif. based Gyft lets customers buy and use gift cards entirely from their mobile devices. Acting on a tip from a trusted source in the cybercrime underground who reported that a cache of account data on Gyft customers was on offer for the right bidder, KrebsOnSecurity contacted Gyft [...]

Banks: Card Breach at Landry’s Restaurants

Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s.  Update, 2:57 p.m. ET: Landry’s has acknowledged an investigation. Their press release is available here (PDF). Original story: Houston-based Landry’s Inc. owns and operates more than 500 properties, such as Landry’s Seafood, Chart House and Rainforest Cafe. Last week, I began hearing [...]

Skimmers Found at Some Calif., Colo. Safeways

Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores. Banking sources say they’ve been trying to figure out why so many customers in the Denver and Englewood areas of Colorado were seeing their debit cards drained of cash at ATMs after shopping at Safeways there. The [...]

13 Million MacKeeper Users Exposed

The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even own a Mac, and discovered the data trove merely by browsing Shodan — a specialized search engine that looks for and indexes virtually anything [...]

Don’t Be a Victim of Tax Refund Fraud in ’16

With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect you and your family. The good news is that the states and Uncle Sam have got a whole new bag of technological tricks up their [...]

The Role of Phony Returns in Gift Card Fraud

On any given day, there are thousands of gift cards from top retailers for sale online that can be had for a fraction of their face value. Some of these are exactly what they appear to be: legitimate gift cards sold through third-party sites that specialize in reselling used or unwanted cards. But many of the more steeply discounted gift cards for sale online are in fact the product of merchandise return fraud, meaning consumers who purchase them unwittingly help thieves rob the [...]

Adobe, Microsoft Each Plug 70+ Security Holes

Adobe and Microsoft today independently issued software updates to plug critical security holes in their software. Adobe released a patch that fixes a whopping 78 security vulnerabilities in its Flash Player software. Microsoft pushed a dozen patch bundles to address at least 71 flaws in various versions of the Windows operating system and associated software. Three-quarters of the patches Microsoft issued earned the company’s most dire “critical” rating, meaning malware or attackers could use the flaws fixed in these patches [...]