Sprint’s mobile network Boost Mobile recently admitted to hackers having breached their customers’ accounts through their main website. The data breach originally occurred back in March and was only recently announced.
A website notification was posted to which the company stated that their site “experienced unauthorized online account activity [and that] an unauthorized person accessed [user] account[s] through [their] Boost phone number and Boost.com PIN code.” The company’s fraud team noted how the incident was quickly taken care of through “a permanent solution [that was used] to prevent similar unauthorized account activity.”
Through access to Boost Mobile’s user account names and PINs, hackers can utilize a type of cyberattack known as credential stuffing to automate and send login requests on the Boost Mobile site to access consumer accounts. The company has already sent a text with a new temporary PIN to those affected by the breach. Users can log into their accounts with the link provided in the text message in order to set a new PIN code. Boost Mobile recommends users reset their PINs if they have not done so already.
In the meantime, the company has also recommended that customers regularly check their Boost Mobile accounts for any fraudulent activity and to report any identity theft or fraud to consumer credit reporting companies.
Recently Microsoft had announced that a security breach had taken place on its Outlook.com site, in which hackers were able to access user accounts, essentially allowing cybercriminals to view email messages, email addresses, and folder names.
According to Microsoft, a support agent’s web mail service was compromised, allowing hackers to access user accounts from January 1st to March 28th, 2019. Once the issue was discovered, the support account was taken down.
Vice’s Motherboard claims that the hackers had access to users’ accounts for six months, to which Microsoft had refuted and stated that the breach occurred within the three month period as mentioned in their notification message to its users. The compromise allowed hackers to even access iCloud accounts to remove the Activation Lock feature on stolen iPhones – a feature that would prevent thieves from factory resetting the devices to sell for profit.
Microsoft had notified those consumers – around six percent – who had their email contents potentially breached by the hackers. The total number of consumers affected by this breach has not been revealed by Microsoft.
In a recent filing with California’s Attorney General Office, 1-800-FLOWERS was revealed to be the victim of a silent malware attack that affected the business within a four year period. As the filing explains, customer credit card information was stolen from the Canadian branch’s website, while the main 1800Flowers.com website was unaffected.
What is interesting to note is how the malware affected the site for four years without any detection. During the time frame between August 15, 2014 and September 15, 2018, consumers’ first and last names, as well as card numbers, expiry dates, and security codes were all accessed by the unknown hacker(s).
The report did not disclose the number of consumers affected by the breach, but the company is required to inform its customers of the incident when a breach affects more than 500 people, this according to California law.
Interestingly enough, 1-800-FLOWERS was the second company to report a four-year long breach, as the Marriott was also affected within a four-year period when hackers stole 500 million guest records.
For now, the company recommends that all its customers keep a close watch on their payment records and to report any suspicious charges to their bank or issuing card company.
Facebook faced immense backlash as the company announced 30 million personal accounts had been compromised in its most recent data breach back in September. Users’ contact and address information were all accessed during the breach, along with other sensitive data such as a user’s 15 most recent searches.
Facebook’s Help Center can assist users in figuring out if their account was hit by the breach.
Use these steps to find out how:
On the top right corner of your Facebook account, click on the “?” icon to access Help Center. You can also click the link below:
Search “security incident” in the search box above.
Scroll down to the bottom of the page to see the section marked: “Is my Facebook account impacted by this security issue?”
This section will provide a “yes” or “no” answer to its users. The message will also show up on users’ news feeds.
If No, there is no action needed to be taken at this time.
If Yes, you will be in one of these categories:
You’re one of the 15 million users’ whose name and phone/email has been stolen.
You’re one of the 14 million users’ whose account got breached with getting access to your “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places you’ve checked into or were tagged in, website, people or Pages you follow, and the 15 most recent searches.”
You’re in the 1 million users whose access token got stolen, but luckily no information has been breached.
If your data was accessed from this breach, there is no need to change your password or credit card information at this time. Furthermore, keep an eye out for scam calls and spam emails that ask for your personal information such as the login credentials for signing into your accounts. If you were in the 14 million within Group B, it’s best to call your bank or phone carrier to input a pin code to prevent hackers from essentially pretending to be you in order to access your accounts.
After such a massive data breach, should we really trust Facebook as a safe space to continue sharing with our loved ones?