Monday, May 2, 2011

Security alerts!

It's been a very busy week for hackers, apparently.  Just last week, Sony (finally!) admitted that their Playstation Network (PSN) had been hacked, and private info had been stolen. Kotaku reports that Sony initially reported it was not 100% sure if credit card data was stolen or not, despite 'days of forensic analysis'. 

Now, I'm not sure how it takes a number of days to discover customer data has been hacked.  However, I'm pretty sure that the only reason someone would WANT to hack the accounts is for 2 reasons: 1. grab credit card numbers, and/or 2. commit identity theft. 

According to an article from Kotaku today, 24.6 MILLION accounts 'may have been' compromised, and the information on approximately 12,700 credit card numbers were stolen:

"The credit card data stolen, however, comes from an outdated database from 2007. That database contained 12,700 non-U.S. credit or debit card numbers and expiration dates, along with the direct debit information for 10,700 customers in Austria, Germany, Netherlands and Spain."
To be safe, if you have a PSN account, assume it's been hacked instead of waiting for Sony to get around to telling you for sure. Take steps to protect yourself immediately (see tips below).

On top of that, Trusty Friend ChAiNz sent out an article by securityweek.com on his Facebook page advising people to be careful about what links they're clicking on when trying to find out more information on the death of Osama Bin Laden.  Cybercriminals will post intentionally provocative "articles" and fake pictures on the event to lure people to their sites, which are loaded with malware.

So, take some steps to protect yourself.
1. If you are a Playstation network user, immediately visit the page on the Sony PSN  outage and review the basic steps to protect yourself. In particular, follow these directions that Sony posted on their page:

"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us."

2. If you visit a site that asks you to download something in order to view it, like a codec or some other item, be very suspicious.  Don't download it unless you're 100% sure it's a reputable site with reputable software.  To be safe, run an antivirus scan on any program or file that is downloaded to your computer.

3. Don't give out personal information on any sites you don't trust.

4. Visit only reputable news sites for information on world events like Bin Laden's death. 

As Mike Lennon says on Securityweek.com's site today:

In this situation, when users click on a link to a malicious site and reach the infected Web page, they are prompted to accept the download of a file, such as a codec to watch a video, and the malware will be installed on the computers.
Users should be especially cautious around this event, since no official photos have been released of Bin Laden's body after his death was reported, thus users may be inclined to search more on their own to see if photos or videos are available. Cybercriminals typically use very attractive headlines to encourage users to click links and direct them to malware infected Web pages. Be cautious, and don't assume links and videos posted by friends on social networking sites are safe.


5. Keep your antivirus and anti-malware programs up to date, and schedule them to run often.  Also, make sure to use a firewall.  Freeware versions of these can all be found at CNet's www.download.com site.

6. Change your passwords regularly, and use passwords that are hard to guess.  Including numbers and symbols makes it harder for thieves to hack accounts.   



Enhanced by Zemanta