The catchily dubbed KRACK attack, a flaw in a protocol that encrypts Wi-Fi networks, and reports that hackers stole Microsoft's database of bugs in 2013 nabbed headlines, but that's not all that happened in cyberspace. Here's what else went on in Threatwatch, Nextgov's regularly updated index of cyber events.
We Heart It, an image sharing site, notified users Oct. 13 of a breach that may have exposed 8 million users’ email addresses, usernames and encrypted passwords.
Though waning in popularity, the site and accompanying app were primarily used by 15- to 24-year-olds to share fashion, photography and other visual media, according to TechCrunch.
A company statement said its account database was leaked “several years ago” and impacts accounts created between 2008 and November 2013. Even though the passwords were encrypted, the company said users should update their passwords if they haven’t been changed since 2013 or are used on other sites.
“The encryption algorithms commonly used to encrypt passwords in 2013 are no longer secure due to advancements in computer hardware,” the company said, adding that it has started encrypting passwords with the bcrypt algorithm.
A database of more than 30 million South Africans’ personal information was published online, though who owns it isn’t clear, according to a security researcher.
Troy Hunt, who operates breach notification website Have I Been Pwned?, was sent the data and thought it could be a government database or perhaps one belonging to a commercial entity like a credit bureau, according to a Tech Central report.
The database exposed government-issued ID numbers (like Social Security numbers), names, genders, marital status, incomes, employment details and property ownership information, International Business Times reported. The database, which includes information on living and deceased South Africans, appears to have been uploaded in April 2015.
Information on an unknown number of pizza lovers was stolen early this month after hackers sliced their way into Pizza Hut’s website for a 28-hour period, PCMag reported.
Between Oct. 1 and Oct. 2, hackers made off with the names, billing ZIP codes, delivery addresses, email addresses and payment information of Pizza Hut customers who ordered through the company’s website and mobile app. The nationwide chain alerted people potentially affected by the breach via email on Oct. 14.
Pizza Hut said the company quickly spotted and cut off the attack, and estimates that less than 1 percent of website visitors were affected. Still, a number of victims are cheesed off after the company took two weeks to reveal the attack, saying fraudulent charges already appeared in their bank statements.