Entries in Hacked (8)


Burger King Twitter Account Hacked to Look Like McDonald’s

SAEED KHAN/AFP/Getty Images(NEW YORK) -- You could call it the Big Mac of Twitter hacks. Burger King’s Twitter (@burgerking) account was hacked today. The account, which had more than 89,000 followers and was verified by Twitter, was made to look like McDonald’s with a McDonald’s logo.

The hacker posted tweets that Burger King had been sold to McDonald’s and the account had been taken over by McDonald’s employees. “We just got sold to McDonalds! Look for McDonalds in a hood near you @DFNCTSC,” the hacker tweeted at 12:01 p.m. ET. @DFNCTSC is likely an account set up by the hacker. Several of the posts used obscenities or racial epithets.

For over 30 minutes the feed was filled with photos and videos making fun of Burger King. “We caught one of our employees in the bathroom doing this….” one of the tweets said. Along with it was a photo of a man injecting a syringe into his arm.

ABC News has not heard back from Twitter or Burger King regarding the account.

Earlier this month, Twitter reported 250,000 account passwords had been compromised by hackers.

The Burger King hack was the most prominent since last year when several Major League Baseball accounts were taken over by a hacker. The New York Yankees’ Twitter account reported at the time that shortstop Derek Jeter would be undergoing a sex change.

Copyright 2013 ABC News Radio


Payment Dispute Leads to Hack of Gym Websites FRANCISCO) -- A website designer, who claims a California gym chain refused to pay his invoices for work completed, took the unusual step of hacking into and commandeering the client’s websites.

Fitness SF, a chain of California gyms, allegedly failed to pay Frank Jonen, who says he is a freelance web designer, photographer and writer/director in Idstein, Germany, according to his Facebook page. He then broke into the Fitness SF web site and reposted the home page with his rant on the company’s alleged failure to pay on time.

Instead of information about say, Pilates and hot yoga, consumers who log on to the site were greeted with this as of Friday:  “Dear Fitness Customer. Fitness SF preferred to ignore our invoices instead of paying them. As a result this website is no longer operational.”  Links to Fitness SF locations in Oakland, Marin, and SOMA and the Castro areas in San Francisco, also redirect to this message.

Jonen seems to see himself as somewhat of an activist, fighting for the rights of independent contractors everywhere.  “I am also writing this on behalf of the tens of thousands of freelancers and small businesses out there facing larger corporations who can afford to starve them out. …An injury to one is an injury to all of us. We need to make a stand against crooks like this.”

The screed ends with a plea for consumers to cancel gym memberships, Tweet, or post on their Facebook pages in solidarity with him.

According to Ad Age (the piece originally appeared on the Denver Egotist), Jonen had intimated on Twitter that he might do something rash.

“I bet these bastards still think I won’t fight back and let them get away with betraying me and escaping payment,” he tweeted to his more than 1,500 followers.  Another Tweet pointed people to the revamped web site: “They thought paying invoices was ‘optional’. They ignored all reminders.
Let’s see if they’ll ignore this:” he wrote.

In an email to ABC News, director of operations Don Dickerson of Fitness SF, said that its domain name had been “hacked and stolen.” He added that Jonen had been paid $5,000 on May 16, 2012 to develop a functional website for the brand, promising a 10-week delivery date.

“He missed numerous deadlines including our brand launch in September,” said Dickerson. “In December, he voluntarily passed the incomplete and non functioning website to our new design firm. Now, Frank is attempting to portray himself as the victim when truly the victim is Fitness SF.”

Jonen did not reply to an email request from ABC News.

Copyright 2013 ABC News Radio


Yahoo! Password Breach Includes Gmail, Hotmail and AOL Users

Daniel Acker/Bloomberg via Getty Images(NEW YORK) -- At least 400,000 email addresses and passwords of Yahoo Voices’ users, people authorized to post content on Yahoo, were stolen and revealed by hackers, Yahoo confirmed today.

“We confirm that an older file from Yahoo Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo and other company users names and passwords was stolen yesterday, July 11,” Yahoo said in a statement.

The hackers, who called themselves the D33Ds company, posted a full text document online containing the usernames and passwords, and said that it should be a “wake-up call” rather than a threat to Yahoo.

“There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure,” they wrote.

Yahoo said it is “fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users’ accounts may have been compromised.”

It said only five percent of the username-password combinations revealed were still valid or current.

However, it wasn’t just Yahoo email addresses in the document. Some of the Yahoo Voices’ accounts listed email addresses with AOL, Gmail, Hotmail and Windows Live.

Security firm Sucuri said that more than 100,000 Gmail addresses were included in the breach. The same firm created a script based on the leak that allows users to see if their account or password was among the ones leaked.

The Yahoo hack comes no less than a month after LinkedIn’s breach.

Robert Siciliano, an online security expert with McAfee, said such breaches aren’t likely to slow down. While they may cause sites and services to beef up their security infrastructure, he said, hackers like to “one up each other.”

“This is fun for criminal hackers,” Siciliano told ABC News. “They enjoy this. This is what they do. I like to play with my kids. They [hackers] like to hack networks.”

Copyright 2012 ABC News Radio


Credit Card Processor Hit by Hackers

Comstock/Thinkstock(NEW YORK) -- Merchants and consumers could be the big losers in the latest case of hackers cracking the complex systems used to process credit and debit card transactions.

Visa and MasterCard acknowledged Friday that they've been alerting banks about a major breach at Global Payments, an Atlanta-based payment card processing firm.

Global Payments issued a statement late Friday saying it discovered the breach in March and reported it to industry officials and the FBI. The company scheduled a press conference for Monday morning.

Gartner banking security analyst Avivah Litan says unverified reports point to a New York City street gang with Central American ties taking control of "an administrative account that was not protected sufficiently."

"I've spoken with folks in the card business who are seeing signs of this breach mushroom," says Litan.

Security blogger Brian Krebs, who broke the story, says thieves cracked into the Global Payments network between Jan. 21 and Feb. 25. He says they may have swiped more than 10 million credit and debit card transactions records. .

MasterCard issued a statement advising cardholders to contact the financial institution that issued their cards with any concerns. Visa emphasized that no Visa systems were breached.

But criminals generally don't bother highly defended systems, and look for security flaws elsewhere. "Sooner or later they find some weakness in the highly complex chain of systems that they can exploit," says Geoff Webb, of data security firm Credant Technologies.

Credit card processors have been breached before. Heartland Payment Systems lost 130 million payment card records generated by 250,000 merchants and restaurants between 2008 and 2009.

And it's not just card processors that are being targeted. Last year hackers stole payment card information for more than 100 million customers of Sony's PlayStation Network.

And earlier this year, online shoe retailer Zappos disclosed hackers took e-mail and shipping addresses, phone numbers and account passwords for some 24 million customers, data useful for identity theft.

"Any business that's capturing payment data is a target," says Mark Bower, analyst at Voltage Security.

Gangs are adept at quickly manufacturing faked debit cards to make large cash withdrawals from ATMs. In such cases the individual's cash goes missing until a theft is reported and reimbursement carried out, which can take several days.

"You should always be watching your statements for unauthorized transactions; but right now people should be extra vigilant," says Steve Coggeshall chief technology officer at ID Analytics.

Retailers are also acutely exposed. Some 46 states have now enacted data breach disclosure laws that require merchants to notify customers whose card numbers are stolen.

Many of these data loss disclosure laws impose stiff fines if notifications are not done in a timely manner, says Ted Julian, of Co3, a Cambridge, Mass.-based start-up that helps retailers manage the repercussions of credit card theft.

Massachusetts has begun levying such fines. Other states could see a windfall in fines levied against merchants who are slow to notify consumers that their payment card data, credit or debit card number is in criminals' hands. "Merchants are definitely on the hook for these state disclosures, because they are the ones who have the consumer relationship," Julian says.

Copyright 2012 ABC News Radio


Sega Hit by Hackers

Ryan McVay/Thinkstock(TOKYO) -- Videogame giant Sega is the latest company to have its computer systems attacked by hackers.

Sega’s online database was reportedly the subject of a cyber attack, with hackers being able to gain unauthorized access to personal information belonging to almost 1.3 million customers. The attack occurred on Friday, with information from customers of the company’s Sega Pass service being accessed.

The compromised information included names, email addresses, dates of birth and encrypted passwords, according to published reports. Sega said it does not store personal payment information, such as credit card information, as such is handled by external parties.

Recently Sony was the target of hackers which resulted in the PlayStation Network being shut down for almost a month.

Copyright 2011 ABC News Radio


Citigroup Hack Job Worse than Originally Reported

Jupiterimages/Thinkstock(NEW YORK) -- Hackers who cracked into Citigroup's credit card records last month did more damage than the bank initially reported.

The company announced late Wednesday that more than 360,000 credit card accounts were impacted when hackers broke into its database -- nearly double the number first believed. Citigroup, however, says that many of those accounts had already been closed or had their cards replaced for other reasons.

"The customers' account information (such as name, account number and contact information, including email address) was viewed," the company said in a press release. But what was not compromised were social security numbers, birth dates, credit card expiration dates, and card security codes -- "data that is critical to commit fraud," Citigroup said.

Only slightly more than 217,000 accounts were reissued cards because of the breech.

Copyright 2011 ABC News Radio


Group Brags Sony Easy to Hack

AFP/AFP/Getty Images(TOKYO) -- Whoever the hackers at LulzSec are, they talk big. They claim to have gotten into the files of Sony Pictures Entertainment and stolen information on more than 1 million consumers. They claim they defaced the website of the PBS NewsHour as a protest against a Frontline documentary on WikiLeaks. And they say they're not done yet.

"We accessed EVERYTHING," said the group on a website it advertised on Twitter. It claimed it compromised "passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

"Why do you put such faith in a company that allows itself to become open to these simple attacks?" said the message on the site. The website was registered only on Wednesday with an address in the Bahamas, according to an ABC News search of Internet registries. Security consultants said LulzSec's claims seemed genuine, and phone numbers posted on the site turned out to be authentic.

Sony issued a statement on Friday saying: "We have confirmed that a breach has occurred and have taken action to protect against further intrusion," it said. "We also retained a respected team of experts to conduct the forensic analysis of the attack, which is ongoing."

Security consultants said the attack probably wasn't really aimed at those million Sony customers.

"If they're stealing passwords to do something bad, they're not going to announce it," said Kevin Haley, director of security response at Symantec, the computer-security firm. "But it's definitely a good idea to change your passwords."

For Sony, though -- and other companies hit by so-called "hactivists" -- the consequences could be much more serious. "Sony desperately needs to get their security act together," said Rob Enderle, an information-technology consultant, in an email to ABC News. "This could (with connected litigation and government response) effectively put them out of business."

The company is still trying to recover from an attack in April on its PlayStation video game network -- which had 77 million online accounts worldwide. Sony was forced to shut the network down and rebuild it, a process that took weeks.

Copyright 2011 ABC News Radio


Holiday Hack Attacks Plague PBS, Lockheed Martin

Jupiterimages/Thinkstock(NEW YORK) -- This holiday weekend has seen a number of prominent cyber attacks.

Since Friday, there was a fake news story posted on the PBS website that claimed murdered rapper Tupac Shakur was alive and well in New Zealand, and aerospace giant Lockheed Martin found itself the target of a data breach.

Add to this a claim from Rep. Anthony Weiner, D-NY, that a hacker allegedly sent a lewd photo to one of his online followers via his Twitter account. It should be noted unlike the former incidents, Weiner's situation has not been confirmed as the work of a hacker.

"It's not a prank and it's not covered by free speech any more than someone who takes a spray can and writes all over your house," said Parry Aftab, an online privacy and security lawyer. "Everything on the Internet belongs to someone."

Aftab said he expects these high-profile attacks will have an impact.

"Expect to see a lot more regulatory hearings and action from the FTC and Congress about how we look at this," he said.

The confirmed attacks on PBS and Lockheed Martin come just weeks after a security breach at Sony affected millions of its Playstation users. 

Copyright 2011 ABC News Radio

ABC News Radio