Russian Hackers Steal 1 Billion Passwords
Your data probably isn't being stolen from you directly, but from service providers you deal with.
Scott Olson/Getty Images
from security researcher Brian Krebs said that 40 million people who shopped at Target stores in the three days following Thanksgiving this year may have had their information stolen. According to Krebs, "The type of data stolen -- also known as “track data” -- allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe."
He also said that if the hackers intercepted PIN data for transactions, they could reproduce stolen debit cards and use them to withdraw cash from ATMs. In the meantime, the data breach is being investigated by the Secret Service. But that doesn't help the millions of people who have been the victims of fraud. It begs the question, how much longer do we have to put up with credit card number theft?
Thankfully, researchers are coming up with many new ways to pay for products and services that, in the future, won't require a credit card. Here are just a few.5 Ways To Shop Safely This Holiday
Researchers at Carnegie Mellon University have come up with PayTango, a new payment system that uses a fingerprint scanner to identify shoppers and provide them with one easy way to check out. If Target stores had this technology, the customer could press their finger on the payment pad instead of entering a PIN. Since a fingerprint cannot be duplicated, only the credit card owner would be authorized. It takes 20 seconds to sign up with PayTango, and is a good way to consolidate your bank, ID and gift cards into a one thing you'll never leave the house with: your finger.
You also never the leave the house without your face. This technology from Uniqual scans unique features of your face to identify you and authorize a payment from an account you've created. To make your purchase, just smile at the camera.
The Ring Theory, Kickstarter
Researchers at MIT wanted to use off-the-shelf technology to develop a creative method for making a payment. They developed the Sesame Ring, which give commuters access to the subway in Boston. The ring was 3-D printed and embedded with a radio frequency identification (RFID) chip compatible with the city’s MBTA CharlieCard, a rechargeable fare card. To catch a ride, just tap and go.
YURI KADOBNOV/AFP/GETTY IMAGES
As part of campaign by Russia's 2014 Olympic Committee to "add elements of sport into daily life," vending machines installed in Moscow subways give away a free ticket to anyone who can do 30 squats. Here, Olympic champion gymnast Yelena Zamolodchikova gets a ticket, no problem.
PC Plus Magazine/Future Publishing/Getty Images
The ability to pay by phone is extremely popular throughout Asia and Africa, where tap-and-go technology allows people in Tokyo, for example, to touch a phone to an NFC wireless pad and instantly make a purchase. In Africa, people routinely make payments via text message. In the United States, paying with a phone is slowly gaining ground with apps that work on both iPhone and Android smartphones. The phones need to be equipped with the wireless NFC chip and only work at cash registers equipped with a compatible NFC pad.
An Apple patent granted in 2011 details an “ad-hoc cash-dispensing network that allows users to efficiently exchange cash.” The idea is that a cash-strapped you would summon your app, which would use the location service on your phone to locate others in the area willing to part with a few bucks for a fee. Once you rendezvous, the transaction can be made. The human ATM would get reimbursed through an online account that both of you have signed into.
The Coin card combines all of your swipe-able cards (credit cards, debit cards, gift cards) into one handy place. A card-swipe dongle ships with the device and you must download an app to combine all of your cards onto the Coin. But once all of the information is stored on Coin all you need to do is tap a button on the card, toggle through your payment choice and select the appropriate method. Credit or debit?
Lately, how you pay is almost as important as what you pay with. The distributed peer-to-peer digital currency bitcoin functions without the intermediation of any government or central authority. One can purchase bitcoins using U.S. dollars and hold onto them as they gain value. Bitcoin payment processing fees are lower than those of credit cards and so there are incentives to spend them. In this photo, a man buys bitcoins from the world's first bitcoin ATM, owned by the company Bitcoiniacs, which went live inside a downtown Vancouver coffee shop.
Russian hackers stole 1.2 billion Internet credentials from major US companies and others around the world in what is likely the biggest data breach ever, security researchers said Tuesday.
The US firm Hold Security said the gang which it dubbed "CyberVor" collected confidential user names and passwords were stolen from some 420,000 websites, ranging from household names to small Internet sites.
"As long as your data is somewhere on the World Wide Web, you may be affected by this breach," Hold said in a statement on its website.
"Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family."
The security firm, which specializes in research on large data breaches, said the cybergang acquired databases of stolen credentials from fellow hackers on the black market, and then installed malware that allowed them to gain access to many websites and social media accounts.
"To the best of our knowledge, they mostly focused on stealing credentials, eventually ending up with the largest cache of stolen personal information, totaling over 1.2 billion unique sets of e-mails and passwords," the researchers said.
"The CyberVors did not differentiate between small or large sites. They didn't just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites."
The researchers dubbed the hacker group CyberVor, using the Russian word "vor," for thief.
The New York Times first reported the breach, and said the group of hackers based their operation in south central Russia, a flanked by Kazakhstan and Mongolia, the report said.
The Times said the group includes fewer than a dozen men in their 20s and that their computer servers are believed to be in Russia.
"There is a division of labor within the gang," Hold Security founder Alex Holden is quoted as saying. "Some are writing the programming, some are stealing the data."