Information Security News
by Robert Lemos
Home Depot may be the latest victim of retail hackings of customer debit and credit card information.
The suspected breach, first reported on Tuesday by journalist and security researcher Brian Krebs, may involve all 2,200 US stores and has some of the hallmarks of the group that compromised Target, Sally Beauty, and P.F. Chang's, according to Krebs. Home Depot is currently looking into the fraud anomalies and promised to notify customers as soon as it has evidence of a breach.
"At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Home Depot spokesman Paula Drake said in a statement to Ars. "Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers."
An Apple spokesperson has issued a statement on the company’s investigation of the hacking of female celebrities’ cloud accounts and the theft of photos from their accounts. And Apple is, in essence, blaming the victims. Or at least, their security questions and passwords.
“We wanted to provide an update to our investigation into the theft of photos of certain celebrities,” the statement reads. “When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us."
Initial reports from security sources suggested that an exploit of a weakness in Apple's "Find My iPhone" API that allowed a brute force password attack. Apple has discounted those reports, and it blames the success of the attacker on what amounts to social engineering of the accounts—by trying to use personal data to guess passwords or answers to security questions for the accounts in question. "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
by Sean Gallagher
A spokesperson for Apple confirmed that the company is investigating whether an alleged vulnerability in the company’s “Find My iPhone” service and other possible vulnerabilities in its iCloud cloud storage service for Apple devices were used in the hacking of the personal photos of a number of celebrities. The FBI is also investigating whether the accounts of the celebrities were hacked.
Some of the photos, which were leaked through the “/b/” discussion forum on 4chan over the weekend, were apparently taken from iPhones—though it remains unclear when the hacking took place, or even if the same attackers are responsible for all of the leaked images.
“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Nat Kerris in a statement sent to the Wall Street Journal.