All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Google now helps catch criminals. The FBI identified a Citibank PIN thief by cross-referencing security camera footage with an ICQ handle and personal photos on ham radio enthusiast sites. [Information Week]
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Ward knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Cole discovered that by simply incrementing a numerical string by one in a URL Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
Feel wary about giving applications access to your Facebook page? Worried one of those quizzes or games might be maliciously harvesting your data? You were right to worry. The BBC had the same idea, so they decided to write a program to do just that. And it worked. Not only did it steal the data of Facebook users who installed the application, it also victimized all of their “friends.”
A small California grocery store chain and its…
Police have arrested Paul Hank, a distribution clerk at the Smithtown, NY post office, after he stole credit cards from the mail and went on a shopping spree, says Newsday.
This should have been one of the first things your parents told you about avoiding scams, but in case they were busy watching TV or something — here you go:
Phuong Cat Le from the Seattle Post-Intelligencer reports that a colleague of hers is the victim of income tax ID theft. A scammer filed her income taxes before she did, hoping to get hold of her refund and stimulus check.
When reader Steve went to Wal-Mart to buy Rock Star for his daughter, he reluctantly presented the cashier with a state-issued ID containing just his picture, name and signature. Steve’s job is to consult with law enforcement about identity theft, so he’s more careful than the average bear.
We wrote about Eric Drew a few weeks ago—his personal information was stolen by a shady lab technician while he was undergoing treatment in 2004.
You may think that your credit card and banking information is worth a lot of money to potential crooks. If you do, you’re wrong. There’s so much stolen personal information out there and banks are getting so good at cutting off compromised credit cards quickly that it’s driving the price down.
H&R Block is an extremely generous company! They’ve sent you a $5,666.10 refund check and you didn’t even file your taxes with them! Isn’t that nice?
The San Francisco Chronicle has reported that “a flash memory drive containing names, birth dates and driver’s license numbers of more than 3,500 people who either volunteered or visited San Quentin State Prison in a group tour has been lost.” Our reader Paul, who sent us the tip, adds, “When I read it my first thought was, ‘Gee, I wonder what the chances are of this personal data ending up in criminal hands? Mmm, maybe 100%.’” Our favorite part of the story: the data wasn’t encrypted, but prison officials have said that now they’re going to start encrypting it.