Zappos on Sunday confirmed that hackers breached the company’s servers and accessed personal data belonging to many of its customers. The Amazon-owned shoe retailer known for top-notch service and surprising customers with express shipping at no extra cost confirmed that personal data from 24 million accounts was accessed during a recent security breach. The hackers gained access to range of sensitive data including user names, encrypted passwords, customer names, email addresses, phone numbers and the last four digits of credit card numbers. The company stated that full credit card numbers were not compromised. As a security measure, Zappos reset the passwords of all affected customers and sent out emails alerting them to the situation. The company’s full email to customers follows below.

First, the bad news:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

THE BETTER NEWS:

The database that stores your critical credit card and other payment data was NOT affected or accessed.

SECURITY PRECAUTIONS:

For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.

PLEASE CREATE A NEW PASSWORD:

We have expired and reset your password so you can create a new password. Please create a new password by visiting Zappos.com and clicking on the “Create a New Password” link in the upper right corner of the web site and follow the steps from there.

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@zappos.com.

A hacking group named LulzSec made headlines recently for attacking high visibility targets, including Sony and the U.S. government. LulzSec announced earlier this week that it was stopping its operations, and rumor has it many of the members joined up with Anonymous’ “AntiSec” hacking group. Now that group is making its own headlines. On Tuesday AntiSec claimed responsibility for attacks against Universal and Viacom. According to The Wall Street Journal, the hackers released personal data, including passwords, from the Universal Music Website. It also obtained and leaked information about Viacom’s network. It’s unclear how many users were affected by the security breach, although we hope to hear an official word from both firms in the near future.

Read

A recent online security breach involving the left of 360,000 credit card numbers will cost Citigroup $2.7 million, the company confirmed to U.S. government officials on Monday. Hackers infiltrated Citigroup servers last month and stole account numbers and personal information associated with over 360,000 Citi-branded credit cards. According to Citigroup, personal information and card numbers from approximately 3,400 cardholders was subsequently used to make about $2.7 million in unauthorized purchases. Citigroup stated that affected customers would be reimbursed for the fraudulent charges. No arrests have been made in association with the breach.

Read

Sega has confirmed that personal data from 1.3 million user accounts was stolen during a recent security breach, according to Reuters. Hackers obtained email addresses, encrypted passwords, birth dates, and names of Sega Pass network users. Unlike Sony’s recent security breach, however, the hackers did not access credit card data. As a result of the attack, Sony has pulled its Sega Pass network offline. “We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” Yoko Nagasawa, a Sega spokeswoman, said. Lulzsec, the hacker group behind Sony’s attack, has not taken credit for the Sega breach.

Read

Remember Citigroup’s recent security breach? The firm originally said that 200,000 accounts — 1% of its customers — were compromised, but now Citi is going on record and saying that hackers gained access to a total of “360,083 North America Citi-branded credit cards.” Unfortunately, the company hasn’t provided any details on how the attack occurred, or who was behind it; the infamous hacking group LulzSec, which claimed responsibility for a number of recent high-profile targets including Sony, hasn’t yet mentioned any involvement. If you’re an optimist, the good news is that Citigroup says the number of active accounts affected is actually below the 360,000 figure — because of subsequent account closures — and that the hackers didn’t steal info enough to actually use the credit card numbers. 217,000 customers have already been provided with replacement cards, and California residents were hit the hardest — 80,000 of the numbers stolen were from that state.

Read

We’re here in Los Angeles at E3 and we’re ready to start bringing you the latest news from Sony. The company’s E3 keynote is about to get underway pretty soon, and we’re comfortably seated and ready. We’re expecting to hear news on Sony’s PlayStation 3 plans, perhaps some more info about the NGP, and more.  Hit the break for all the live updates!

7:56PM:We've been given some 3D glasses for the event, hmm, wonder what that might imply?

8:03PM:Place is packed - sitting next to some Sony employees. People are still filling in. There are upper decks like a baseball stadium. Assume we're going to hear some big news!

8:07PM:We're being told the program will begin in 10 minutes.

8:08PM:And we've silenced our cell phones.

8:10PM:"We should begin in 5 minutes!"

8:11PM:We're supposed to have our 3D glasses on — but will it be gimmicky like RIM's BlackBerry World conference?

8:14PM:"We should begin in 1 minute!" Everyone ready?

8:16PM:lots of applause this place is about to go nuts

8:17PM:hmm just show a screen suggesting "3D World by Sony" - What's that mean?

8:18PM:A quick video demo of some hits games is being played right now to kick off the press conference

8:19PM:We're seeing game demos across Sony's various platforms, but there's a continual suggestion that 3D will play a role tonight

8:20PM:Lots of applause after that demo

8:21PM:Jack Tretton President and CEO of Sony Computer Entertainment America is on stage. "Wow, there are a lot of people here." There are 6,000 people here live.

8:23PM:We're "hearing" about the elephant in the room - the security breach. The network outage was costly to Sony's developers and Sony thanks its developers. Sony said it had the best year since Sony PlayStation 3 launched. Figures are up 23% over the prior year. Consumers are the "life blood of the company," and Sony apologizes for the security breach.

8:24PM:Network activity is still at over 90% of the traffic Sony saw before the security leak.

8:24PM:Everything we'll see here tonight will be playable on the arcade floor tonight.

8:26PM:Sony will be adding a new media partner — Cinema Now — for the latest TV shows and movies later this year. This is in addition to Netflix, of which 30% of its subscribers come from Sony PlayStation 3 users.

8:27PM:Now we're seeing the latst from NaughtyDog, Evan wells and Christophe Balestra are on stage.

8:27PM:We're seeing a demo of Uncharted 3 - Drake's Deception

8:29PM:The demo looks awesome so far — a ship-based mission.

8:31PM:The demo is still playing - if you've been a fan of Uncharted or Uncharted 2 this looks like something you'll want to pickup.

8:33PM:Unfortunately most of the game's scenes are taking place underwater or in a dark ship so it's hard to shoot with a camera. Lots of pause after the demo! Sony hopes it will be a best-in-class single player game.

8:33PM:The beta begins on June 20th

8:34PM:Subway customers can get an early access version of the game by heading to Subway sandwich shops. Now we're putting on out 3D glasses for a quick demo.

8:36PM:Characters and effects looked straight-up amazing in the demo

8:37PM:It will be supported in 3D.

8:37PM:Insomiac Games Marcus Smith is on stage to show off Resistance 3

8:38PM:Again, we're seeing Resistance 3 in 3D with our glasses. We're getting a straight-up live demo here on stage. Chimeras are taking over St. Louis.

8:40PM:Unfortunately the photos for these demos look awful given the 3D aspect - but Resistance 3 looks amazing otherwise!

8:41PM:Lots of applause for Resistance 3 in 3D. We're going to be able to check out the demo immediately after the show

8:43PM:A resistance 3 bundle will launch on September 6 for 0 with a resistance 3 controller and more. Sony says its dedication to 3D is "unwavering." God of War and Ico and Shadow of the Colossus Collection in September and both will be fully playable in 3D.

8:43PM:"PlayStation is the ultimate solution for 3D."

8:44PM:"There will be 2 new 3D hardware products available on PlayStation portfolio." There will be a 24-inch PlayStation branded 3D display. It comes with tech to allow two people to watch two individual unique full-screen images instead of split screen. Wow. That sounds amazing. Tons of applause here.

8:45PM:This fall Sony will add active-3D active glasses to its offering. The PlayStation 3D monitoring will be availabel this fall, a 6-foot HDMI cable, and Resistance 3. The package will cost 9.

8:45PM:Additional pairs cost .99

8:46PM:2K sports Chris Snyder and Erick Boenisch are on the stage to show off NBA 2k 12

8:48PM:We're seeing NBA on the Move in action. Watching how players can play the best move (defense of offense) by pulling the trigger on Sony's controller.

8:48PM:The goal is to deliver the best NBA experience ever.

8:48PM:"NBA on the Move" is not just for the hardcore. "Anyone can just pick up and play."

8:49PM:Kobe Bryant is on stage to demo it. "I'm the Heat man, what do you think?" Audience booed.

8:51PM:Kobe is off the stage, "NBA 2K 12 will change your game."

8:52PM:"adding PlayStation Move to can define an experience." Umrao Mayer and Jeremy Ray from Worldwide Studios are on stage to show how PlayStation move can change Deadman's Quest.

8:52PM:This is another demo.

8:54PM:We're seeing how PlayStation Move can allow for pin-point accuracy of taking out baddies in RPS style games such as Medieveal Moves - Deadmunds Quest.

8:54PM:It's pretty stunning: use your Move controller to slash bad guys and pull down levels inside dungeons, etc. "What you see is what you get."

Speaking to The New York Times in an interview on Tuesday, Sony’s CEO Howard Stringer discussed the company’s recent security breach, and what his firm is doing to make sure such a large scale attack doesn’t happen again. Stringer argued that Sony reported the breach quickly, despite waiting nearly a week to notify its customers that hackers had stolen personal information, including credit card numbers. “We still have a lot of investigation to do to find out how this happened, but we’re not there yet,” Stringer explained. Sony’s corporate executive officer and executive vice president, Kazuo Hirai, said also noted that Sony is working to examine security on “every level of the company … from televisions to eBooks, and onwards.” Sony will create new security positions within the company, and the security employees with be tasked with setting up a “system to avoid this type of event again — putting a new system in place,” Hirai explained. Sony began restoring its PlayStation Network services in the United States last weekend after issuing a firmware update for the PlayStation 3.

Read

Here’s something we don’t see everyday — Vodafone New Zealand has tweeted that it’s delaying the launch of the Sony Ericsson Xperia Play after a “major security breach.” According to the carrier’s official Twitter account, the shipment of Xperia Play units was stolen at some point on its way to the carrier. It’s unclear who pulled it off or how the heist took place. Vodafone has not provided any other details as to how long the launch will be delayed.

[Via Engadget]

Read

April 1st – 7th

• Sony suffers another major security breach
• Apple to fix location tracking bug in iOS 4.3.3; due out soon
• Live from RIM’s BlackBerry World 2011 keynote!
• RIM to launch 10-inch BlackBerry PlayBook this fall; OS 7 devices delayed?
• BlackBerry Bold 9900 / 9930 hands-on!
• Samsung Galaxy S II hands-on
• BlackBerry Bold 9900 / 9930 gets official, finally touch and type
• No iPhone 5 this summer according to AT&T rep
• Samsung Infuse 4G hands-on!
• White iPhone 4 not thicker than black version according to Apple SVP and Consumer Reports

In what may be one of the largest digital security breaches in United States history, millions of customer email addresses have been exposed as a result of a breach at Epsilon. BGR reported on Saturday that TiVo customer email adresses had been compromised as a result of unauthorized access to online marketing company Epsilon’s servers. Following that report, several other companies have come forward to confirm that their customers’ email adresses may have been exposed. Those potentially affected include customers enrolled in Best Buy’s Reward Zone program as well as customers of Citigroup, J.P. Morgan Chase, TiVo, Barclays, Walgreens, U.S. Bancorp, Capital One, HSN and College Board, which represents almost 6,000 different U.S. colleges and universities. “A subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system,” Epsilon said in a statement last week. The company insists that only names and email addresses may have been compromised, and that sensitive information such as social security numbers, credit card numbers and passwords were not accessed.

It’s always nice when an email service that contains customer’s personal and private email addresses is hacked. TiVo has publicly disclosed that their email service provider, Epsilon, had customer’s names and email addresses released to “unauthorized” people. TiVo hasn’t disclosed how many emails were accessed in the security breach, but does note that the information was limited to email addresses and possibly customer’s names. The company is advising notified customers to be careful opening any emails from unknown third parties. Nice.

Thanks, preppy17!

In 2008, a foreign intelligence agency slipped a flash drive into a U.S. military computer, sneaking malicious code onto classified military networks: "A rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary." Gulp. More »

Citibank's iPhone app accidentally saved private user data such as passwords, account numbers, and bill payments in a hidden file on phones. No security breach has been reported, however Citibank is urging its customers to upgrade their app to fix the flaw and delete any saved information. [WSJ via Fast Company] More »

Man, one day you have the whole world's ear to talk about slack network security, and the next you're in the joint. Andrew Auernheimer, Goatse Security's hacker-in-chief and a key player in the unearthing of a major security flaw exposing iPads surfing AT&T's airwaves, is today facing felony charges for possession of a variety of potent drugs. That wouldn't be such intriguing news by itself, but the discovery was made by local law enforcers who were in the process of executing an FBI search warrant. Hey, wasn't the FBI going to look into this security breach? Yes indeedy. While nobody is yet willing to identify the reasons behind this warrant, it's not illogical to surmise that Andrew's crew and their online exploits were the cause for the raid. So there you have it folks, it's the first bit of advice any publicist will give you: if you're gonna step out into the glaring light of public life, you'd better clean out your closet first.

AT&T hacker's home raided, drugs found, dude detained originally appeared on Engadget on Wed, 16 Jun 2010 06:34:00 EDT. Please see our terms for use of feeds.

Permalink CNET  |  Washington County Sheriff's Office  | Email this | Comments

While the fallout continues over last week’s security breach which saw hackers gain access to the email addresses of some 114,000 AT&T iPad 3G customers continues, AT&T’s VP of public policy and Chief Privacy Officer Dorothy Attwood today sent out an email to everyone of AT&T’s iPad 3G data plan subscribers to explain the situation. While email addresses were obtained by the hackers, Attwood contends that the hackers were unable to access more critical things such as account passwords, AT&T’s network, or user’s iPads. Attwood also said that as soon as AT&T learnt of the hack on June 7th, it took swift action to prevent any further unauthorized exposure of customer email addresses” and patched up the hole which made the hack possible “within hours.” Of course this raises the whole question as to why it took AT&T six days to notify its customers that hackers had gained control of some of their personal information, but we imagine the FBI’s investigation into the matter might help clear some things up. You know, that or the surely dozens of lawsuits that are going to be filed over the matter. Hit up the jump to check out the email in its entirety.

Thanks, Adam!

Uh oh. According to Valleywag, an AT&T security breach led to the exposure of 114,000 email addresses (and associated SIM / ICC identifiers) belonging to Apple iPad owners. A group of hackers calling themselves Goatse Security (be careful looking that one up) figured out a number of ICC-IDs and ran a script on AT&T's site through a faked iPad UserAgent, which would then return the associated addresses. Some of those affected were actually quite big names, including the CEOs of The New York Times and Time Inc., some higher-ups and Google and Microsoft, and even a number of employees from NASA, FAA, FCC, and the US military.

For its part, AT&T tells AllThingsD that it was informed of the issue on Monday, that only the addresses and associated ICC-IDs were revealed, and that by Tuesday the "feature" that allowed addresses to be seen had been turned off. And as Security Watch's Larry Seltzer cautions in a statement to PC Mag, the impact of this breach -- just email addresses -- is probably somewhat exaggerated. Still, regardless of the magnitude, this can't be making AT&T's day at all bright, and you best believe a number of folks in Cupertino have fire in their eyes over this bad press.

[Thanks to everyone who sent this in]

AT&T breach reveals 114,000 iPad owners' email addresses, including some elite customers originally appeared on Engadget on Wed, 09 Jun 2010 19:15:00 EDT. Please see our terms for use of feeds.

Permalink   |  AllThingsD, Valleywag  | Email this | Comments

We've noticed that Twitter has been down for the past few hours, but now TechCrunch is reporting that the site has been hacked by a group calling themselves the "Iranian Cyber Army." There's even a message from the group. Updated.

Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANiAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?

WE PUSH THEM IN EMBARGO LIST

Take Care.

The original note and the pictured defacement of the site are no longer online, but Twitter, status.twitter.com, and other parts of the service remain down as well.

Since we don't really know exactly what's going on here, we have the same recommendation as TechCrunch: Change any passwords which are identical to your Twitter one as a precaution. There's currently no way to know if there was a security breach beyond the defacement and some extra security measures can't hurt. [TechCrunch]

Update: TechCrunch may have been too quick to flip the "Major Panic!" switch as other places are reporting that this hack was simply a DNS hijack. [Geekzone—Thanks, Randall F!]