TIME Companies

No, Snapchat Hasn’t Been Hacked

But that doesn’t mean you won’t get annoying weight loss spam from your friends

Snapchat denied being hacked after some users reported receiving spam messages from their friends advertising a weight loss site.

The ephemeral messaging service told the BBC that it believed that user login data was taken from other sites and used to access Snapchat.

“We recommend using a unique and complex password to access your Snapchat account,” the company told the BBC.

According to the BBC, the spam is sent to all of the contacts on an affected user’s account. Snapchat informs those users of the breach–and recommends that they change their passwords–when they log on.

In January, the company was targeted by hackers who took 4.6 million usernames and phone numbers and released the personal data on the web–with the last two figures of the phone numbers redacted. The hackers said they were raising awareness about Snapchat security concerns.

[BBC]

MONEY identity theft

Here’s What To Do About the Home Depot Hack

Home Depot says hackers have stolen tens of millions of its customers' payment card information. Here's how to protect yourself.

On Thursday, Home Depot acknowledged that hackers were able to access 56 million credit and debit cards when the retailer’s systems were cracked this April. The company says all malware has been removed from its U.S. and Canadian networks, but hackers have had access to card numbers as recently as September. If you’ve shopped at Home Depot within the past six months, here’s what you need to know:

Home Depot is providing free identity protection. The company is working with AllClear ID to give identity theft protection services, including credit monitoring, to all customers who have shopped at Home Depot since April 2014. To sign up, either go to this web page or call 1-855-252-0908, and AllClear will assign you an identity theft investigator.

Check your statements frequently. Credit card users shouldn’t worry too much about their number being stolen because credit card companies limit individual liability to $50. Of course, if you don’t identify fraudulent charges, your credit card company won’t cover them — so make sure to at least check your monthly credit-card statements.

Debit card users should be more vigilant about scrutinizing account activity — going back to April and going forward on a regular basis. The reason is that fraudulent charges are covered by banks for just 60 days after you receive a statement with such charges on it. The Home Depot data breach lasted months, so you could already be on the hook for purchases you didn’t make. Home Depot says AllClear’s identity theft protection service “will do the work to recover financial losses,” but it’s unclear what that means in the case of debit cards. (AllClear declined to comment on its partnership with Home Depot, and did not immediately respond to general questions about how debit card fraud is handled.) Home Depot claims there is no evidence that crooks obtained debit card PINs, but a company spokesperson would not say whether or not other information, like customer names, was stolen.

Stolen card info can be sold to and used by other fraudsters long after a breach — there’s a secondary market for this kind of stuff — so it’s a good idea to check your debit account activity as often as several times per week. Your debit spending is not only more vulnerable to fraud, but also can be more damaging. You won’t be out of pocket for bogus credit card payments; with debit card fraud, by contrast, the money is actually gone from your account until the issue is cleared up.

Look into getting a chip-and-PIN payment card. Chip-and-PIN payment cards are more secure, and offer an additional level of security by requiring users to enter a PIN even when paying with a credit card. Matt Schulz, senior industry analyst at CreditCards.com, recommends consumers call their bank and ask about upgrading to a chip-and-PIN card. This technology hasn’t been widely rolled out yet, but some banks already offer upgrades. Schulz says most banks should offer this type of card within the next year.

Try to relax. As these breaches become more common, it’s important not to panic each time a business is compromised. Instead, always practice good security habits, like creating strong passwords for e-commerce and frequently checking your payment cards’ transaction history.


TIME cybersecurity

Chinese Hackers Infiltrated U.S. Defense Contractors, Senate Report Says

Army Lt. Col. Cecil Durbin (left) and Air Force Lt. Col Tom Borowiec, a reservist, man the NorthCom Operations Desk inside the Deployment and Distribution Operations Center on Thursday May 1, 2008 at USTRANSCOM, located at Scott AFB in Illinois. Belleville News-Democrat—MCT/Getty Images

Hackers staged at least 20 attacks on private firms involved in the movement of U.S. troops and equipment

Chinese hackers infiltrated U.S. defense contractors on 20 separate occasions and were only twice noticed by authorities, according to the findings of a year-long Senate investigation released on Wednesday.

The Senate probe revealed that hackers targeted private airlines, technology companies and firms that have been contracted by the U.S. Defense Department to transport troops and defense equipment.

“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin in a public statement accompanying the report. “Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur.”

Read the Senate panel’s full report here.

 

MONEY identity theft

Watch Home Depot’s Response to Huge Data Breach

Hackers may have stolen tens of millions of credit and debit card numbers from the home improvement retailer.

TIME Health Care

Obamacare Website Was Hacked in July

Marketplace guide Stephanie Cantres works on the Healthcare.gov federal enrollment website as she helps a resident sign up for a health insurance plan under the Affordable Care Act at a Westside Family Healthcare center enrollment event in Bear, Delaware, on March 27, 2014. Andrew Harrer—Bloomberg/Getty Images

No personal information was stolen in the breach

A hacker managed to breach cybersecurity at HealthCare.gov and implant malicious code on the federal Obamacare website, officials revealed Thursday.

Healthcare.gov hosts the federal insurance exchange on which millions of Americans have purchased health insurance since the Affordable Care Act mandate that most people be insured began rolling out last year. Officials said they learned of the hack, which took place in July, last week.

The attack is apparently the first instance of a hacker successfully breaking through the site’s defenses, an anonymous employee of the Department of Health and Human Services told The Wall Street Journal.

Officials said the attacker does not appear to have stolen any personal data and only broke in to a server used to test run software for the site. HHS said the Healthcare.gov site doesn’t seem to have been a specific target of the attack.

“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” HHS said in a statement to the WSJ. “We have taken measures to further strengthen security.”

Investigators found that hackers had not coordinated an assault to get valuable personal information, but had intended to install malware to allow other computers to control the Healthcare.gov system for later mass attacks, such as a DDoS attack, which is designed to send so many visitors to a website that it overwhelms the site’s ability to function. Investigators said they believe the hack is not the work of another government or government-sponsored group.

Such security breaches are not uncommon but the attack raises concerns about the security of the website, which contains confidential personal details of millions of Americans. Republicans, who are united in opposition to the law and its implementation, have long warned the site was at risk of attack by hackers.

“If this happened anywhere other than HealthCare.gov, it wouldn’t be news,” a senior DHS official told the WSJ.

[WSJ]

TIME Retail

Home Depot Tells Shoppers to ‘Closely Monitor’ Bills Amid Fears of Data Breach

A Home Depot store is seen in Silver Spring, Maryland, on March 28, 2013. Jewel Samad—AFP/Getty Images

"We apologize for the worry this can create"

Home Depot advised customers Wednesday to “closely monitor” their account statements, amid a spike of suspicious online activity that has the company investigating claims of a possible data breach.

The company acknowledged customers’ concerns in a statement posted to its website and said it was working with banking partners and law enforcement to confirm whether a breach occurred. “We know that this news may be concerning and we apologize for the worry this can create,” the company said. “If we confirm a breach has occurred, we will make sure our customers are notified immediately.”

Reports of suspicious activity first surfaced on KrebsonSecurity, an Internet security blog that said two large batches of credit card accounts were put up for sale online on Tuesday. According to KrebsonSecurity, initial evidence points to the same ring of Ukrainian and Russian hackers that have infiltrated accounts belonging to shoppers at Target and P.F. Chang’s, and this time the breach included political overtones. The hackers labeled the batches “American Sanctions” and “European Sanctions,” in an apparent reference to sanctions imposed on Russia for its involvement in Ukraine.

Home Depot said customers will not be responsible for fraudulent charges, which would be settled in negotiations between Home Depot and financial institutions that issued the compromised card.

Target is continuing to resolve payment disputes from a massive data breach last year that compromised some 40 million customer accounts. The company expects total losses from the breach to climb to $148 million, according to its second-quarter earnings report.

TIME hackers

Founder of America’s Biggest Hacker Conference: ‘We Understand the Threat Now’

Hacker Jeff Moss also known as The Dark Tangent speaks during the Black Hat USA 2014 hacker conference at the Mandalay Bay Convention Center in Las Vegas, August 6, 2014. Steve Marcus—Reuters

The hacker who has presided for 22 years over what is today the biggest hacker conference in the United States talks to TIME about Edward Snowden, Dorian Gray and hackers' changing role in society.

For one weekend every year, thousands of the world’s best—or worst, depending on your point of view—hackers meet in Las Vegas, Nevada, for Defcon. It’s one of the biggest hacker conferences on Earth, with about 15,000 attendees this year. It’s an event that some feel pushes the boundaries of legality, as hackers teach one another skills from lock picking and password cracking to evading government surveillance. The weekend is a celebration of hackish whimsy, the right to privacy and radical freedom of expression.

The light-up electronic badge needed to get into the conference can only be purchased with cash, and organizers collect no information about attendees’ identity. The place is rumored to be teeming with cybercriminals and federal agents alike, plus hordes of hackers trying to crack each other’s systems. Using the Wi-Fi is highly discouraged by some, for good reason: One room is home to an electronic bulletin board called the “Wall of Sheep,” which lists the user ID and partial password of any hapless hacking victim at the conference.

While covering the 22nd annual Defcon, TIME caught up with the founder and patriarch of the conference, Jeff Moss — better known by his hacker handle, “The Dark Tangent,” more commonly rendered simply as “DT.” With his pink t-shirt, short curly black hair, thin-framed rectangular glasses and a bouquet of badges dangling from his neck, DT looked the part of a pasty chieftain presiding over an ancient rite in digital dystopia. He doesn’t give out his age (Wikipedia places it at 39, which seems close enough).

This interview has been edited for length.

TIME: You’re ageless.

DT: I know. But I’m afraid at one point it’ll all come crashing down. What’s the horror movie where when the painting on the wall burns and everybody ages?

Do you have a Dorian Gray painting somewhere?

That’s my concern.

This conference has a nefarious reputation. Is that fair?

Oh yeah. I think there’s a little bit of nefariousness. The nefariousness is really more of an irreverence. You’re judged on what you know and what you can do, so it’s really kind of a put up or shut up culture, and you’re judged on what’s in your head, not how you look or what kind of watch you own. Sometimes people don’t know how to deal with that.

Is the Wi-Fi here safe to use?

It’s funny. It used to be you wouldn’t use our secured network because nobody really trusted it, they’d use their phone. Now everybody’s hacking the phones and intercepting phone calls and SMS messages, and nobody trusts their phone thanks to Snowden and all, and they want to use our secured Wi-Fi.

The last Defcon happened just after National Security Agency leaker Edward Snowden was first granted temporary asylum in Russia. Where does he fit into the zeitgeist of this community?

I think the cult of personality around Snowden has been replaced by concerns about what he revealed. Last year, there was sort of this sense of impending doom. It was like, “My God, what are you going to tell us next?” Now it’s like, “Ok, we understand the threat now. We understand what’s going on due to the revelations.”

Last year, it was just this sense that offense was so totally overwhelming, defense is helpless, what are we going to do, woe is me, the sky is falling. Now we’ve had a year, and you can see what the reaction has been: more energy than ever from the Electronic Frontier Foundation and the [American Civil Liberties Union]. Hackers like Josh Corman [an Internet security expert] trying to make a contribution to make things more secure. IETF [the Internet Engineering Task Force, which develops the protocols on which the Internet is based] has decided that pervasive Internet surveillance is a threat and needs to be taken into account for all future Internet protocols. You see Google and Microsoft investing money to create foundations to audit software. Everybody’s responding in their own way, so this year it feels much more hopeful. I think that’s a much more healthy response. We feel like we’re trying to take our own future into our hands.

Nothing changed before or after Snowden’s revelations. The security researchers knew that of course that’s what the NSA or any government can do. If you talked to the hackers last year it was like, “Of course you can do that. I’ve been doing that for 10 years.” But now that it’s sunken in at a more policy level you can have the conversation. Before you would say something to your parents and they’d be like, “Oh hahaha. You’re paranoid.” Next thing you know your parents are like, “Oh my God. You were not crazy. You’re not my paranoid son.” Now we’re at a place where people can relate and that’s a much more healthy place for us to be.

Do you have any demographic information on the people who attend this conference?

We don’t collect anything. Just the number of people. This is clearly a record. We plan for 5% growth or something and we exceeded that. Nobody saw the growth coming and there’s just this dot com feeling of people piling in more than ever.

I mean, this is the first Defcon TIME Magazine has attended.

Yeah! Do you know who else is here? C-SPAN!

…Really…

Yeah!

First time, huh?

First time. First it was just hackers talking to hackers, and then companies came in, and then it was other verticals, like telecoms. Now all of a sudden we’ve got medical, we’ve got policy, government. Just when we think we’ve gotten as many people who care about what we do here, all of a sudden a new greenfield [in engineering terms, a new creative frontier] room pops open and it’s airplanes, pacemakers and smart cars. That’s why I feel like there’s this energy. It’s like, “Oh my god, they’re listening to me! There’s a new avenue. I can do something new, try a new skill, develop my software.” It’s like greenfield again. Last year it sucked and this year it’s awesome.

TIME Retail

Target Expects $148 Million Loss from Data Breach

Customers walk outside a Target store August 14, 2003 in Springfield, Virginia. Alex Wong—Getty Images

The bill comes due for one of the largest security breaches in retail history

Target estimates that losses from a 2013 data breach that compromised credit cards and account information for 40 million shoppers could cost upwards of $148 million, the company said Tuesday.

The announcement came in advance of Target’s second quarter earnings report, which would detail the losses incurred from claims placed by payment card networks alleging fraudulent charges.

“Since the data breach last December, we have been focused on providing clarity on the Company’s estimated financial exposure to breach-related claims,” said Target’s interim CEO, John Mulligan.

The losses would be offset by a $38 million insurance payment, the company said. It cautioned that loss estimates were based on a preliminary tally of current claims, and included projections that were subject to change over time.

“These estimates may change as new information becomes available and, although the Company does not believe it is probable, it is reasonably possible that the Company may incur a material loss in excess of the amount accrued,” the company said.

The massive data breach prompted Target’s CEO to resign last May after executives reportedly ignored warning signs of hackers infiltrating the company’s networks. Target announced that the Board had selected Brian Cornell, former CEO of Sam’s Club, as its next Chairman and CEO.

MONEY identity theft

If Your Credit Card Information Was Stolen from P.F. Chang’s, Here’s Your Best Defense

8.3 million: How many private records have been exposed to thieves so far this year. Olivia Locher; Prop styling by Linda Keil

Millions of private financial records have already been exposed this year. Follow this simple plan to stay safe.

Updated: August 4, 2014

If you’ve eaten at a P.F. Chang’s restaurant anytime since last October, you could have been the victim of a data breach. According to the company, consumer credit and debit card information has been stolen from 33 restaurants in the U.S. (You can find a full list of the affected locations and dates of possible incidents here).

Today, CEO Rick Federico issued a formal statement apologizing to customers and assuring them that their data has been secure since the restaurant chain identified the breach in June. In light of that news, we’re resurfacing a post from earlier this summer, with advice on how to protect yourself in the event you think your personal data has been hacked.

At least 8.3 million private records have been put at risk in 250 separate data breaches revealed this year, says the nonprofit Identity Theft Resource Center. One upshot of the leaks (up 23% over 2013 through late April): greater awareness of the threat of identity theft. Follow this three-tiered plan to defend yourself.

1. Take Advantage of Free Tools

Visit annualcreditreport.com every four months to get a credit report from a different one of the three major reporting agencies, advises Ed Mierzwinski at advocacy organization U.S. PIRG. And sign up for any no-cost service your bank or credit card issuer has for notifying you of activity in your account.

2. Warn All Lenders

Afraid your data has already slipped out? Put a free 90-day fraud alert on all your credit reports by contacting Experian, TransUnion, or Equifax, says Paul Stephens of the nonprofit Privacy Rights Clearinghouse. That tells companies to use extra caution before issuing credit in your name. For confirmed identity-theft victims, alerts last seven years.

3. Lock Down Your Credit

For top security, freeze your credit, advises ID-theft consultant Robert Siciliano. Opening new lines of credit will require your password. Visit each of the big three bureaus online to launch it. Costs—up to $30 to place a freeze and $12 to lift it—vary by state.
