Hackers Remember Your MySpace Password, Steal from Military Base Exchanges, and Force Reddit to Reset Your Password


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Remember MySpace? Well, So Do the LinkedIn Hackers.

The same person who last week was selling data on more than 164 million LinkedIn users (cleaved from a 2012 breach), now claims to have 360 million emails and passwords of MySpace users.

Known as Peace, the hacker says it’s from a past, unreported, breach. This data was bound to leak eventually, according to LeakedSource, a hacked data search engine that also claims to have the credentials.

“It's the nature of information. ‘Three can keep a secret, if two of them are dead,’” the operator of LeakedSource told Motherboard. “Once data gets traded a few times, eventually it will make its way to somebody who is not trustworthy to keep it a secret, and then it will spread like branches of a tree.”

LeakedSource wrote that the data was provided by someone who goes by the alias Tessa88. But in an interview with Motherboard, the operator said they were unaware of the real origins of the data breach, including who originally breached MySpace, who has had the data “this whole time” or when the company was hacked.

"Either the company never found out, or didn’t disclose it, neither publicly nor to its users," Motherboard reports. "If all the data indeed comes from MySpace, this would be the largest breach of emails and passwords ever."

The database contains 427,484,128 passwords, but there are only 360,213,024 emails.

Each record in the hacked dataset contains “an email address, a username, one password and in some cases a second password,” according to LeakedSource.

MySpace still had a reported 50 million unique visitors per month as of 2015.

D.C. National Guardsman Allegedly Used Stolen Cards to Buy Army Exchange Luxury Goods

Four Army National Guard members from the Washington area are accused of using Bitcoin to buy stolen credit and debit card numbers from foreign websites. The suspects allegedly then re-encoded plastic cards with their own names using the stolen numbers, and then fraudulently bought items at Army and Air Force Exchange Service stores on military bases and elsewhere for use and resale.

The Guard members charged are: Derrick K. Shelton II, 28, of Washington, D.C.; James C. Stewart III, 25, of District Heights, Maryland; and Quentin T. Stewart, 28, of Parkville, Maryland. 

A fourth national guardsman, Vincent Anthony Grant, 27, of Laurel, Maryland, was also indicted in a separate case involving a similar fraud scheme. The indictments were returned May 9 and unsealed May 20 following the arrests of the defendants.

Shelton, James Stewart and Grant were specialists, and Quentin Stewart was a former sergeant, all in the District of Columbia Army National Guard.

The accused allegedly sought out stolen numbers from individuals and businesses with federal credit union accounts, and those with billing addresses in or near Maryland. The men reportedly bought magnetic strip card-encoding devices and software to re-encode credit, debit and other cards with the stolen credit and debit card numbers.

The defendants are charged with using the re-encoded cards to buy gift cards, electronic items and luxury goods from Army and Air Force Exchange stores on military bases and other locations in Maryland and elsewhere.

Kansas Heart Hospital One of the Latest Victims of Ransomware

The health care center was held hostage by hackers and denied access to its files until it paid them. 

"I'm not at liberty because it's an ongoing investigation, to say the actual exact amount. A small amount was made," the hospital's president, Dr. Greg Duick, said. 

But even after the hospital paid, the hackers didn't return full access to the files. Instead, they demanded another ransom. The hospital says it will not pay again.

"The policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy," Duick said.

The hackers never reached patient information.

About 9 p.m. on May 18, a hospital employee lost access to files.

"It would be like you're working on your computer and all of a sudden, your computer says, sorry can't help you anymore," Duick said. "It became widespread throughout the institution."

The hospital is working with its information technology team and security experts to restore the rest of the system.

Uptick in Compromised Accounts at Reddit

Reddit has had to reset the passwords of 100,000 users in two weeks, because of hacks. The company disclosed May 26 there has been a jump in account hijackings by malicious -- or at best spammy -- third parties. 

“Though Reddit itself has not been exploited, even the best security in the world won't work when users are reusing passwords between sites," Reddit’s founding engineer Christopher Slowe wrote on the company's website. 

There will be more password resets “as we continue to verify and validate that no one except for you is using your account,” Slowe said.