Yahoo says one billion accounts exposed in newly discovered security breach
Yahoo Inc. warned on Wednesday that it had uncovered yet another massive cyber attack, saying data from more than 1 billion user accounts was compromised in August 2013, making it the largest breach in history.
The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion. Following the latest disclosure, Verizon said, “We will review the impact of this new development before reaching any final conclusions.”
Yahoo also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.
“Yahoo badly screwed up,” said Bruce Schneier, a cryptologist and one of the world’s most respected security experts. “They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”
Yahoo was tentative in its description of new problems, saying the incident was “likely” distinct from the one it reported in September and that stolen information “may have included” names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. It said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected. [Source: Reuters]
Organized retail crime on the rise
For the first time in the 12-year history of the National Retail Federation’s organized retail crime survey, every responding retail company — 59 in total — said it had been a victim of organized retail crime in the past 12 months. In addition, 83 percent of respondents, all top-level loss prevention executives, reported that ORC activity had increased in the past 12 months: 44 percent reported a “significant increase” while 39 percent reported a “slight increase.”
The survey also uncovered a trend of ORC criminals and shoplifters becoming “more aggressive and brazen;” 97 percent reported an increase in the levels of aggression, and one in six felt the level of aggression was much higher than the previous year.
“Shoplifters are more confrontational with our LP officers,” one respondent said. “Even if we do catch them, it’s just a slap on the wrist. Short of pulling a gun on our LP team, they will always be cited and released by the police. Even if they attack our team, they are not charged with a battery or robbery anymore. It’s all just considered part of theft crime.”
The average loss attributable to ORC was $700,259 per $1 billion in retail sales, up significantly from 2015’s average of $453,940. Even though the survey found that the average dollar amount of retail personnel dedicated to combating ORC reached an all-time high of $545,694, more than half of responding companies had “not allocated additional resources in personnel or technology” in the past 12 months.
Nearly 80 percent of respondents said a federal law is needed to combat ORC, with stronger penalties acting as a deterrent. A federal law would remove jurisdictional issues in what increasingly is becoming an interstate crime. [Source: The National Retail Federation]
Retail sales inch up in November
The start of the holiday shopping season did not bring with it a big jump in retail sales. Retail sales, excluding automobiles, gasoline stations and restaurants, increased 0.1% in November, less than many analysts had expected, according to a National Retail Federation report. The gain came on top of a strong October, and retail sales were up 5% year-over-year. November’s results indicate that retail sales for the holiday season will meet or exceed the NRF’s holiday forecast, which anticipates an increase of 3.6% over last year’s level for November and December.
In other NRF findings:
- Online and other non-store sales increased 0.1% seasonally adjusted over the previous month and increased 15.3% unadjusted year-over-year.
- Sales at clothing and accessories stores were flat from the previous month and increased 1.9% unadjusted year-over-year.
- Sales at general merchandise stores increased 0.1% seasonally adjusted over the previous month and decreased 1.4% year-over-year.
- Electronics and appliances stores’ sales increased 0.1% seasonally adjusted over the previous month and decreased 2.5% unadjusted year-over-year.
- Furniture and home furnishings stores’ sales decreased 0.7% seasonally adjusted over the previous month and decreased 7.2% unadjusted year-over-year.
- Sales at building materials and supplies stores increased 0.3% seasonally adjusted over the previous month and increased 7.5% unadjusted year-over-year.
- Sporting goods stores’ sales decreased 1% seasonally adjusted over the previous month and increased 1.6% unadjusted year-over-year.
- Sales at health and personal care stores increased 0.1% seasonally adjusted over the previous month and increased 7.7% unadjusted year-over-year.
[Source: Chain Store Age]
91% of cyber attacks start with a phishing email
The majority of cyber attacks begin with a user clicking on a phishing email. According to a new report from PhishMe, 91% of cyber attacks start with a phish. The top reasons people are duped by phishing emails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity.
“Fear and urgency are a normal part of everyday work for many users,” says Aaron Higbee, co-founder and CTO of PhishMe. “Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing.”
The study was based on more than 40 million simulation emails by about 1,000 of its customers around the world. The study took place over an 18-month span from January 2015 through July 2016.
Among the study’s top findings:
- Susceptibility to phishing email drops almost 20% after a company runs just one failed simulation. So people do learn.
- Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company’s population, even in the first year.
- Active reporting of phishing email threats can reduce the standard time for detection of a breach to 1.2 hours on average – a significant improvement over the current industry average of 146 days.
- The study also found that users respond to Locky ransomware’s phishing lures (21.5%) more than any other malware variant. The others that followed Locky included order confirmation (17%), job application received (15.5%), and blank email (11.9%).
[Source: Dark Reading]
Suspect arrested in 12 cell phone store robberies
A man suspected in as many as 12 armed robberies has been captured in Tempe, Arizona. Gilbert Martinez is accused of stealing hundreds of dollars in cash, and thousands of dollars worth of cell phones from Valley cell phone stores, according to court records.
Police report that Martinez went into the Boost Mobile cell phone store acting like a typical customer, until he told the employee, “Don’t do anything dumb, open the drawer, I have a gun.” Police say that when the employee hit the silent alarm, Martinez became nervous and fled, only taking the hand sanitizer he was holding while in the store. Five days later, Martinez allegedly struck again, this time at a Cricket store. In this case, police say Martinez took money from the cash drawer and then asked the employee “where the big money was.” The employee went to the back room and got him a bank bag with cash inside. A couple of weeks later, he reportedly robbed another cell phone store, this time getting money and a box full of cell phones.
Police received information that indicated Martinez, who had previously served seven years in prison for similar crimes, might be the person responsible for the robberies. Victims who were shown his photo identified him as the suspect. When police located Martinez at his Tempe home, he ran from officers and threw his handgun into a nearby parking structure. After he was caught, Martinez told police that he planned on killing himself with the one bullet that was in the gun. Martinez has been charged with one count of armed robbery, but police say he is a suspect in a dozen armed robberies. [Source: ABC News Phoenix]
Walgreens employee charged with felony embezzlement
Prosecutors in Cherokee County, Oklahoma have charged a former Walgreens employee after she allegedly confessed to stealing merchandise and using customer receipts to give herself cash refunds, resulting in a loss of nearly $11,000. Jessica Coulter is charged with felony embezzlement. Prosecutors allege the thefts began in November 2014 and continued until October 2016.
Officer Reed Felts first took a report when he met with Walgreens Asset Protection Manager George Schaeffer. Schaeffer received a lead that suggested Coulter was stealing money from the business. He told the officer he reviewed surveillance footage and saw Coulter remove a receipt from her pocket and carry out a “cash refund” worth $23.52. There was no customer present when the transaction occurred, and Coulter placed the money inside her pocket.
When Schaeffer visited Tahlequah and questioned Coulter, she allegedly confessed to making fraudulent refunds for several months, estimating she did so three times a week and often averaged $20 per “refund.” But she also told Schaeffer she would take food, drinks, cosmetic items and other “stupid things” about three times a week, averaging around $35 each time. She estimated her theft of merchandise and money from the false returns totaled nearly $11,000. Coulter also claimed a former Walgreens employee told her about the cash refund scam and even showed Coulter how to carry it out. [Source: Tahlequah Daily Press]
Infamous jewel thief Doris Payne, 86, arrested again
Legendary jewel thief Doris Payne’s love of bling has landed her in the clink once again. The 86-year-old, whose globe-trotting exploits were chronicled in a 2013 documentary, was arrested this week in the Atlanta suburb Dunwoody for allegedly trying to swipe a $2,000 necklace from a mall jewelry store. The bust comes a year after she was arrested at another Atlanta mall and charged with stealing $690 Christian Dior earrings from a Saks Fifth Avenue store. Charges in that case are still pending, and there is also a warrant out for her arrest in connection with a July 2015 theft of a diamond engagement ring from a store in Charlotte.
In past interviews, Payne has played coy about her crimes and what she has said is more than 20 arrests. She will call herself a thief in one breath and then deny stealing in the next. “I don’t dictate what happens when I walk in the store. The people in charge dictate what happens with me when I walk in the store,” Payne told the Associated Press earlier this year. “I don’t tell a person in the store I want to see something that costs $10,000. They make those decisions based on how I present myself and how I look.”
Matthew Pond, co-director and co-producer of the documentary “The Life and Crimes of Doris Payne,” said he was sad but not surprised to hear of his former subject’s latest run-in with the law. “The documentary we made about her focused on a crime she was accused of in San Diego and during her sentencing, as sad as he was to have to send her to prison, the judge said, ‘She’s the Terminator. She won’t stop,’” Pond said. “And now I’m thinking of her, 86 years old and arrested again, and I’m thinking he was right. She won’t stop.” [Source: NBC News Atlanta]
The post Breaking News in the Industry: December 15, 2016 appeared first on LPM.