America's #1 Online Cigar Auction
first, best, biggest!

You want my identity, help yourself. Lifelock can suck it!

No ****!!! I do feel sorry for anybody that has had their identity stolen, it is just that I strongly dislike corporations employing fear tactics to get people to spend their hard earned money.

Best to just to away with social security entirely.

Number of U.S. government 'cyber incidents' jumps in 2015

By Dustin Volz

WASHINGTON (Reuters) - The U.S. government was hit by more than 77,000 "cyber incidents" like data thefts or other security breaches in fiscal year 2015, a 10 percent increase over the previous year, according to a White House audit.

Part of the uptick stems from federal agencies improving their ability to identify and detect incidents, the annual performance review from the Office and Management and Budget said.

The report, released on Friday, defines cyber incidents broadly as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” Only a small number of the incidents would be considered as significant data breaches.

National security and intelligence officials have long warned that cyber attacks are among the most serious threats facing the United States. President Barack Obama asked Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year.

The government's Office of Personnel Management was victim of a massive hack that began in 2014 and was detected last year. Some 22 million current and former federal employees and contractors in addition to family members had their Social Security numbers, birthdays, addresses and other personal data pilfered in the breach.

That event prompted the government to launch a 30-day “cyber security sprint” to boost cyber security within each federal agency by encouraging adoption of multiple-factor authentication and addressing other vulnerabilities.

“Despite unprecedented improvements in securing federal information resources … malicious actors continue to gain unauthorized access to, and compromise, federal networks, information systems, and data,” the report said.

(Reporting by Dustin Volz; Editing by Alistair Bell)


http://finance.yahoo.com/news/number-u-government-cyber-incidents-205016113.html





.

Adobe readies emergency patch for Flash zero-day bug exploited in the wild

The zero-day vulnerability allows attackers to take complete control of a victim's system.

By Charlie Osborne for Zero Day | April 6, 2016 -- 10:38 GMT (03:38 PDT) | Topic: Security

Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control.

On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which exists in affects Adobe Flash Player 21.0.0.197 and earlier. The bug impacts Windows, Mac, Linux and Chrome operating systems.

The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe.

Adobe has received reports that the vulnerability is being actively exploited in the wild, which is bad news for users of older software. Until an update and fix is released to patch the flaw, anyone actively using Adobe Flash 21.0.0.197 and earlier is vulnerable to attack.

---

http://www.zdnet.com/article/adobe-readies-emergency-patch-for-flash-zero-day-bug-exploited-in-the-wild/







.

Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed

Posted yesterday by Sarah Perez (@sarahintampa)

A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach. After reaching out to a random sampling of the victims via email, we’ve confirmed that these users’ Spotify accounts were compromised only days ago. However, Spotify says that it “has not been hacked” and its “user records are secure.”

It’s unclear, then, where these particular account details were acquired, given that they are specific to Spotify, rather than a set of generic credentials that just happen to work on Spotify.

- - - - - - - - - - - - - - - -

http://techcrunch.com/2016/04/25/hundreds-of-spotify-credentials-appear-online-users-report-accounts-hacked-emails-changed/




.

Hackers are trading millions of Gmail, Hotmail, Yahoo logins
Change your password right now. Like NOW!
By N. Ingraham
May 4 2016, 6:38pm ET

Source: Reuters

Email services including Gmail, Yahoo Mail and Hotmail have fallen victim to a hack, exposing usernames and passwords for millions of users. According to Reuters, a huge data breach consisting of some 273.3 million online accounts has been reported by security expert Alex Holden of Hold Security. All told, the data breach contains 57 million accounts for the Russian email provider Mail.ru, along with 40 million Yahoo Mail credentials, 33 million Hotmail accounts and 24 million Gmail accounts.

In addition, the breach reportedly contains hundreds of thousands of German and Chinese email addresses as well as thousands of username / password combos that appear to belong to employees from US banking, manufacturing and retail companies.

Hold Security apparently came upon this data directly from the hacker, who was selling the data set for the curiously low sum of less than $1. Holden instead told the hacker that he would post "favorable comments" about him in various hacker forums; that was enough to get the hacker to turn the data over. About ten days ago, Hold Security started informing the companies affected of the data breach; the company's policy is to return stolen data to the companies affected.

It's worth noting that while tens of millions of Gmail, Yahoo and Hotmail accounts were affected, the total percentage of accounts compromised compared to the total in circulation is relatively small. Google recently announced that more than one billion people are using Gmail, for example. But given people's propensity to reuse passwords, this breach could have wider-reaching effects. Either way, better safe than sorry -- if you haven't changed your password recently, now is as good a time as any. Also, turn on two-factor authentication!


- - - - - - - - - - - - - - - -

http://www.engadget.com/2016/05/04/gmail-hotmail-yahoo-email-data-breach/





.

I suddenly have an avalanche of PM's.

Not to worry, I'll be clearing them out one by one.

Thanks




.

Hey man, don't come on this site talking commonsense, dude.
The Republicrats and Demicans can't handle it.

Topped for Fender

Acer online store hacked: Customers' credit card details and private data exposed

= = = = = = = = = =

Taiwanese consumer electronics manufacturer Acer has revealed that its US online store Acer.com has suffered a data breach that potentially could have affected every single customer who accessed the website over the past 12 months.

Acer has sent a letter informing all users of its online store in the US that they have might have had their names, addresses, payment card numbers, card expiry dates and card security CCV three digit numbers comprised if they accessed the website between 12 May 2015 and 28 April 2016.

The firm is not revealing how many users have been impacted by the data breach, but it says that following an investigation by its staff and a team of outside cybersecurity experts, it can confirm that no evidence was found of the attackers gaining access to user login credentials like usernames and passwords.

= = = = = = = = = =

http://www.msn.com/en-us/money/technology/acer-online-store-hacked-customers-credit-card-details-and-private-data-exposed/ar-AAhitcR?ocid=ansmsnmoney11


= = =

"it can confirm that no evidence was found of the attackers gaining access to user login credentials like usernames and passwords."

The FTC said that years ago. In a legal brief against a very popular idtheft company, the FTC said that id theft cannot be detected nor prevented.


.

The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013, according a congressional report on Wednesday that cited an internal investigation by the banking regulator.

"Even the former Chairwoman's computer had been hacked by a foreign government, likely the Chinese," staff at the U.S. House of Representatives Committee on Science, Space and Technology said in the report.

The Chinese Embassy in Washington did not have immediate comment on the allegations.

China has long been a prolific hacking adversary for the United States, although intelligence officials believe Beijing has decreased its hacking activity since signing a pledge with Washington last September to refrain from breaking into computer systems for the purposes of commercial espionage.

The congressional report provided the latest example of how deeply Beijing has penetrated U.S. government computers.

- - - - -

http://www.msn.com/en-us/money/markets/china-likely-hacked-us-banking-regulator-report-finds/ar-BBuiu7c?ocid=ansmsnnews11

Interesting post.

The FTC said that id theft can't be detected so we don't know. I am sure that CigarBid uses the best technology they have available to them. But frankly that wouldn't matter because the FTC also said that id theft can't be prevented. If you think CBid's systems are more robust than the FDIC systems (see thread before yours) then I wouldn't worry much.

It's interesting that the article above was posted recently (07/13/2016), but it was reporting on hacks that happened 3, 5, and 6 years ago. It sometimes takes awhile fore the hacked info to be used.

Sometimes folks will tell me that they haven't been affected by hackers. I ask them "How do you know?"

The fact is that the vast majority of the people on this forum have had their personal info compromised. But they won't find out about it for a year or two from now.





.

To be clear, I'm not saying that most of us have had our personal identification compromised BECAUSE we are active in this forum. I'm saying it because your odds of having your identity stolen is 1 in 30 (children it's 1 in 10). Some people have their info"out there" but no one is using it to impersonate them. Having your info "out there" is not the same as identity theft.

Compromised - someone has your identifying data

Identity theft - someone uses that data to impersonate you.

So more than 1 in thirty have their identifying info compromised. And I'm comfortable guessing that, in light of the numbers of high-level high-government secured servers hacked (almost weekly), the vast majority of us have our info "out there."

I've had my LinkedIn account compromised. So far, to my knowledge, no person is using the info to say they're me.

I have no connection to these people, but you can go to https://haveibeenpwned.com/ and enter your e-mail address. It will check databases of breached content to see if you've been compromised.

It's free.



.

The Morning Download: Bitcoin Hack Underscores Persistent Challenge of Securing Digital Currency

By Steve Rosenbush | Aug 3, 2016 8:01 am ET

Good morning. Bitfinex, the Hong Kong-based exchange where bitcoin is traded, said it was hacked, sending the price of the digital currency lower, the WSJ reports. The possible theft of $65 million in bitcoin follows the $60 million theft in June of rival digital currency ethereum, which together constitute something of a digital currency crime wave. “Securing the bitcoin trading platform has proved elusive,” the WSJ notes.

There’s plenty of incentive to close the security problems, given that blockchain, the underlying technology, can make markets more efficient by removing the middleman. (See our CIO Explainer: What Is Blockchain?) International Business Machines Corp. said it is using blockchain to resolve customer disputes, as CIO Journal reported.

Perhaps it’s unreasonable to expect digital technology to eliminate crime as we know it. But there’s something uniquely disarming about the risk of theft in cyberspace, where vulnerabilities can appear to be more systemic in nature.




= = = = = = = = = = = = = = = = = = = =

http://blogs.wsj.com/cio/2016/08/03/the-morning-download-bitcoin-hack-underscores-persistent-challenge-of-securing-digital-currency/





- - -

Anybody using ApplePay or PayPal?


.

I recently got a very small car loan to buy a
Used car...
Lifelock never even called me to check if it was legit...
The only time I hear from them is 3-4 times a year when they say everything is ok...
But they always tell me when I get billed
$99.00 per year for the service.

Big bear, what company-nies? Do you like or use?

I know you have mentioned a few,
But can you
Refresh their names again...
And yearly fees?

Thanks,
Mr. Jones

Report: Yahoo may confirm massive data breach

SAN FRANCISCO — Internet portal and search firm Yahoo may confirm this week a massive data breach that exposed information about tens of millions of its users, according to the technology news website Recode.

The confirmation would follow a Yahoo investigation into claims that surfaced in early August that a hacker using the name "Peace" was trying to sell the usernames, passwords and dates of birth of Yahoo account users on the dark web — a black market of thousands of secret websites.

A Yahoo representative was not immediately available to comment on the report.

The breach may affect up to 200 million user accounts, Recode reported.

= = = = = = = = = = = = = = = = = = = = =


http://www.usatoday.com/story/tech/2016/09/22/report-yahoo-may-confirm-massive-data-breach/90824934/




.

Suspected JP Morgan hacker arrested after returning from Moscow

NEW YORK -- A U.S. citizen living in Moscow was arrested Wednesday after he flew to the United States to surrender to face charges he stole contact information for over 100 million customers of U.S. financial institutions, brokerage firms and financial news publishers, authorities said.

Joshua Samuel Aaron, 32, was arrested at Kennedy Airport on Wednesday. He pleaded not guilty to a 22-count indictment charging him with conspiracy, computer hacking, securities fraud and wire fraud, among other charges.

▃▃▃▃▃▃▃▃▃▃▃▃▃▃▃▃▃▃

http://www.cbsnews.com/news/joshua-samuel-aaron-suspected-jp-morgan-hacker-arrested-after-returning-from-moscow/



.

QuestDiagnostics
3 Giralda Farms
Madison, New Jersey 07940

December 12, 2016

[Patient Name]
[Patient Address line one]
[Patient Address line two]

Dear [Patient Name]:

Quest Diagnostics regrets to notify you of a breach of your Protected Health Information (PHI) which we became aware of on November 28, 2016. Here are the details of the breach:

On November 26th an unauthorized third party accessed the MyQuest by Care360® internet application and obtained PHI of approximately 34,000 patients. The data included name, date of birth, lab results, and, in some instances, telephone numbers.

The affected information did not include Social Security numbers, credit card information, insurance or other financial information.

When the intrusion was discovered, we immediately took steps to stop any further unauthorized activity. We are taking steps to prevent similar incidents from happening in the future, and are working with a leading cybersecurity firm to assist with our investigation and to further evaluate our systems. We have also reported the incident to federal law enforcement authorities.

Quest Diagnostics has no evidence that any information has been misused in any way, so we do not believe that you need to take any steps at this time to protect yourself in response to this breach.

We sincerely apologize for this breach of your information. We have established a dedicated toll free number for you to call if you have any questions regarding this incident. The number is (888) 320-9970 and can be reached Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time.

Sincerely,
Carl A. Landorno
Executive Director, Compliance Operations & Privacy Officer

= = = = = = =

from wikipedia
https://en.wikipedia.org/wiki/Quest_Diagnostics

Quest Diagnostics Incorporated is a Fortune 500 company providing clinical laboratory services with headquarters in Madison, New Jersey. Founded in 1967 as Metropolitan Pathology Laboratory, Inc., it became an independent corporation with the Quest name on December 31, 1996. In addition to the United States, Quest Diagnostics also runs operations in United Kingdom, Mexico, Brazil, Puerto Rico and a laboratory in India and also has collaborative agreements internationally with various hospitals and clinics. It is a member of the Fortune 500 and the S&P 500, with corporate headquarters located in Madison, New Jersey. The company has approximately 44,000 employees, generates more than $7 billion in revenue and offers access to diagnostic testing services for cancer, cardiovascular disease, infectious disease and neurological disorders.


= = = = = = =

This begs a lot of questions.






.

I've had three credit card accounts jacked this past year...could be worse...didn't lose anything but time and aggravation having to close accounts, fill out affidavits, open new accounts.

Delta - That's sounds like identity theft. How much time do you think you spent? Just curious.

Deadeye - Sounds like fraud, not necessarily id theft.

Most of us have been the victim of a hack. It's just a matter of time before someone uses the info.

$400 on a credit card is no big deal. They usually just remove it with a phone call and you're done. When someone opens a small business line of credit, that $200,000 is going to take more than a phone call. Of course if you go to jail because someone got booked and used your ID, well, it's a much more complicated and dangerous situation.

Our program does complete restoration with one phone call. Lifelock is just now catching on the restoration is WAY better than monitoring. We've been on it for years.

Credit monitoring is a car alarm; restoration service is like car insurance.

I think the $100/year per family is well worth it.








.

Pffft. I ain't gotta pay for phone calls.

My identity was stolen once. Credit score actually went up.

For the curious:

2017 Experian Data Breach Industry Forecast


http://www.experian.com/assets/data-breach/white-papers/2017-experian-data-breach-industry-forecast.pdf



.

The World Wide Web's inventor warns it's in peril

- - -

Tim Berners-Lee, who invented the World Wide Web, now wants to save it.

The computer scientist who wrote the blueprint for what would become the World Wide Web 28 years ago today is alarmed at what has happened to it in the past year.

"Over the past 12 months, I’ve become increasingly worried about three new trends, which I believe we must tackle in order for the web to fulfill its true potential as a tool which serves all of humanity," he said in a statement issued from London. He cited compromised personal data; fake news that he says has "spread like wildfire"; and the lack of regulation in political advertising, which he says threatens democracy.

- - -

http://www.msn.com/en-us/news/technology/the-world-wide-webs-inventor-warns-its-in-peril/ar-AAo9BHm?OCID=ansmsnnews11



.