By Manny Fernandez

December 23, 2016

Data Breaches – December 2016

Below are the breaches for December 2016 that were made public. If you have accounts with any of there services/companies make sure you change your passwords and ensure you are monitoring your credit for anomalies.

ORGANIZATION: Yahoo
DATE OF BREACH: August 2013
DATE MADE PUBLIC: December 14, 2016
RECORDS AFFECTED: 1 Billion
DATA COMPROMISED:

Back in September of this year, Yahoo disclosed that 500 million of their user accounts had been breached. Now, a separate incident dating back to August 2013 has been uncovered which has doubled the records affected to 1 Billion.
The two attacks are the largest known security breaches to date. Compromised information includes names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.

Yahoo is notifying users who may have been affected by the breach and making them change their passwords. They also invalidated unencrypted security questions and answers so that they cannot be used to access an account. For more information, visit Yahoo’s official FAQ page relating to this breach.

—————————————————————————

ORGANIZATION: Dailymotion
DATE OF BREACH: October 20, 2016
DATE MADE PUBLIC: December 5, 2016
RECORDS AFFECTED: 85.2 Million Emails
DATA COMPROMISED:

Popular video sharing platform Dailymotion has allegedly been hacked and tens of millions of user’s information have been stolen. The stolen data consists of 85.2 Million unique email addresses and usernames and as many as 18 Million hashed passwords were also taken.
Dailymotion is strongly advising all partners and users to reset their passwords.

—————————————————————————

ORGANIZATION: Lynda
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 17, 2016
RECORDS AFFECTED: 9.5 Million
DATA COMPROMISED:

Lynda.com‘s user database was accessed by unauthorized parties, compromising 55,000 passwords. The online training company notified all 9.5 million of its users that their contact information and courses viewed may also have been accessed. The company reset all logins as a precaution.

—————————————————————————

ORGANIZATION: KFC Colonel Club
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 12, 2016
RECORDS AFFECTED: 1.2 Million
DATA COMPROMISED:

The KFC Colonel’s Club loyalty program is exclusive to the U.K. and Ireland and consists of a mobile app and rewards card. A hack on their website may have released names, addresses, e-mail addresses of their members. KFC advised all Colonel’s Club members to change their passwords
as a precaution.

—————————————————————————

ORGANIZATION: Los Angeles County
DATE OF BREACH: May 2016
DATE MADE PUBLIC: December 19, 2016
RECORDS AFFECTED: 756,000
DATA COMPROMISED:

A Nigerian national hacked the Los Angeles County email system which resulted in the compromise of 756,000 accounts. More than 100 county employees fell victim to a phishing email which then gave the hacker usernames and passwords. Compromised information includes names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers,
and/or medical information.

—————————————————————————

ORGANIZATION: Shiseido Co.
DATE OF BREACH: December 14, 2011 – November 4, 2016
DATE MADE PUBLIC: December 2, 2016
RECORDS AFFECTED: 420,000
DATA COMPROMISED:

Japanese cosmetics maker Shiseido Co. has suffered illegal access to their online store and personal information on about 420,000 customers may have leaked as a result. The stolen records include customers’ names and addresses. The company also confirmed that credit card information on up to
56,000 of the customers may also have leaked.

—————————————————————————

ORGANIZATION: PayAsUGym
DATE OF BREACH: December 15,2016
DATE MADE PUBLIC: December 16, 2016
RECORDS AFFECTED: 305,000
DATA COMPROMISED:

PayAsUGym, which sells passes to gyms around the country, has confirmed that one of its servers has been a victim of a cyber-attack. Email addresses and passwords of its 305,000 users had been stolen. Those customers have now all been emailed and advised to change their password. The company has also migrated to a new server after it sought advice from cyber-security experts.

—————————————————————————

ORGANIZATION: Ameriprise
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 20, 2016
RECORDS AFFECTED: 350 Clients
DATA COMPROMISED:

An advisor working for financial planning giant Ameriprise has inadvertently exposed hundreds of investment portfolios, worth tens of millions of dollars from his unsecured Internet-connected backup drive. On the drive was Social Security, bank account, and financial planning data on about 350
high-value clients. It also contained personal files belonging to the advisor, including a backup of his password manager’s data, which contained his hashed credentials for the company’s internal network.

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story

  • These are two distinct mechanisms on FortiOS, and conflating... Full Story

  • Replacement messages are the pages and text blocks that... Full Story