Web.com Latest Hacking Victim
Hackers gain unauthorized access to the computers of Internet services provider Web.com Group and stole credit card information of 93,000 customers.
According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.
Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.
According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.
Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.
The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.
Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.
Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.
Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html
Verizon Fixes Serious Securty Flaw In FiOS
Comments Off on Verizon Fixes Serious Securty Flaw In FiOS
Verizon corrected a serious vulnerability in its My FiOS mobile application that granted unfettered access to email accounts, according to a developer who found the problem.
Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.
“Since Verizon has a good amount of my information, I thought it would be a good candidate for research,” Westergren wrote on his personal blog. “I was right, and the results were astonishing.”
The flaw, contained in the application’s API, could have allowed an attacker to read individual messages from a person’s Verizon inbox and even send emails from an account, he wrote.
Westergren looked at the traffic sent back and forth between My FiOS and Verizon’s servers. He found My FiOS would return the content of someone else’s email inbox by simply substituting a different user ID in a request.
He contacted Verizony, which later acknowledged the problem. Verizon issued a fix last Friday, Westergren wrote.
“Verizon’s security group seemed to immediately realize the impact of this vulnerability and took it very seriously,” Westergren wrote. “They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude.”