Showing posts with label Hacked. Show all posts

Thursday, 27 October 2016

ATM Card Hack! 32 Lakh Debit Cards Affected – Change your PIN now

As many as 32 lakh debit cards of customers of HDFC Bank, ICICI Bank, Yes Bank, Axis Bank, and SBI have been affected by what is being called India’s biggest ATM card hack.

As reported by the Economic Times, the breach could have been caused by malware that was introduced into the systems of Hitachi Payments Services, a provider of ATMs and Point of Sale (POS) services. Allegedly, hackers were able to steal the details of about 32 lakh debit cards that were used in the virus-infected systems.

What’s happening at the moment?

1. SBI has blocked debit cards that were compromised in the hack and will re-issue over 600,000 cards to the affected customers.

2. Several customers have reported unauthorized transactions made with their cards in various locations in China.

3. Other banks, such as Bank of Baroda, IDBI Bank, Central Bank, and Andhra Bank, which have not been affected by the breach, have replaced their debit cards as a precautionary measure.

4. ICICI Bank, HDFC Bank, and Yes Bank have asked customers to change their ATM PIN.

5. Yes Bank has capped cash withdrawal to a maximum of Rs 5,000 per day until the ATM PIN is changed.

6. Most banks are advising their customers to use their own bank's ATMs and not third-party ones.

7. An inquiry has been ordered by the Payments Council of India to locate the origin of the breach in Indian bank servers and systems.

What should you do?

If you have received a message from your bank about getting a new debit card or changing your ATM PIN, follow the instructions immediately. It is strongly recommended to change the PIN in any case, just to be on the safer side.

Also, follow these security practices for safer ATM banking:

1. Change your ATM PIN once every 3-6 months.

2. Never share your bank details over emails, calls, or SMSs no matter how genuine the caller/sender may seem.

3. Alert your bank if you notice any unauthorized transactions in your account.

4. Use ATMs that are located in busy places. Avoid using those that are in remote or hidden locations such as those behind buildings, in parking lots, and in spots that are away from public view. For obvious reasons, such ATMs are usually targeted by cybercriminals.

5. If you are using an ATM for the first time, check for ATM skimmers (fake parts that steal card details) before putting in your debit/credit card. While a visual inspection may not be helpful, you can always do a physical inspection by trying to tug, push or pull parts like the card reader, keypad, the cash dispenser, the lining of the screen, etc. ATMs generally don't have parts that are badly constructed, loose, or oddly fashioned.


Share this post with your friends and peers so that they can also take the necessary precaution against this incident.

Thanks and stay blessed!

Sources:

• http://economictimes.indiatimes.com/articleshow/54945561.cms?utm_source=contentofinterest&utm_medium=text&utm_campaig
• http://indiatoday.intoday.in/technology/story/32-lakh-atm-cards-hacked-is-your-debit-card-safe-should-you-change-pin-everything-you-need-to-know/1/791424.html
• http://www.hindustantimes.com/business-news/sbi-recalls-600-000-debit-cards-as-questions-linger-about-after-effects/story-FG865Dcz1ulAOYEdFTTxnI.html


Saturday, 11 June 2016

Police Arrest 16-year-old Boy Who Hacked CIA Director


The teenage hacker who calls himself a member of the hacktivist group "Cracka with Attitude," which is behind the series of hacks on the United States government and its high-level officials, including the CIA director, may finally have been arrested.

In a joint effort, the Federal Bureau of Investigation (FBI) and British police have reportedly arrested a 16-year-old British teenager who they believe:

  • Leaked the personal details of tens of thousands of FBI agents and US Department of Homeland Security (DHS) employees.
  • Hacked into the AOL emails of CIA director John Brennan.
  • Hacked into the personal email and phone accounts of the US spy chief James Clapper.
  • Broke into the AOL emails of the FBI Deputy Director Mark Giuliano.

Federal officials haven't yet released the identity of the arrested teenager, but the boy is suspected of being the lead hacker of Cracka With Attitude, who calls himself Cracka, the South East Regional Organised Crime Unit (SEROCU) told the Daily Dot.

According to the report, Cracka is the same teenage hacker who recently leaked the personal information of 31,000 government agents, comprising nearly 20,000 FBI agents, 9,000 Department of Homeland Security (DHS) officers and some number of DoJ staffers.

Crime Unit Released a Statement

In a statement, the SEROCU confirmed that the unit had arrested a teenager on Tuesday in the East Midlands on suspicion of:

  • Conspiracy to commit unauthorised access to computer material contrary to Section 1 Computer Misuse Act 1990.
  • Conspiracy to commit unauthorised access with intent to commit further offences contrary to Section 2 Computer Misuse Act 1990.
  • Conspiracy to commit unauthorised acts with intent to impair or with recklessness as to the impairing operation of a computer contrary to Section 3 Computer Misuse Act 1990.

Accused Teen: Authorities Ruining My Life

The unit declined to provide any further information on the arrest, but while speaking to Motherboard, the arrested teenager denied being Cracka, saying "I am not who you think I am ;) ;) ;)"

"I am innocent until proven guilty so I have nothing to be worried about," the teen said. "They are trying to ruin my life."

Neither the Department of Justice (DoJ) nor the FBI has yet responded to requests for comment.

Thanks and stay blessed!

Thursday, 9 June 2016

Your TeamViewer Account has Been Hacked? Here's What to Do Immediately

Do you have remote login software TeamViewer installed on your desktop?

If yes, then your system could be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggest.

According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED!

Over the past few days, a number of users took to Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal.

This same behavior has also been reported by the IBM security researcher Nick Bradley, who said:

"In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns on me: I have other machines running TeamViewer!"

But the question still remains: What really happened to TeamViewer?

Actually, no one knows, at least for now, because no evidence indicates a system-wide security breach at TeamViewer that could have given the attackers some sort of backdoor into users' PCs.

TeamViewer has also reacted by strongly denying the claims that the intrusions are the result of a hack on TeamViewer's network.

Instead, according to the company, the account takeovers are the result of end users' carelessness. The company also pointed to the recent widespread "mega breaches" that have dumped over 642 Million passwords over the past month.

"As you have probably heard, there have been unprecedented large-scale data thefts on popular social media platforms and other web service providers," the company wrote. "Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services."

However, TeamViewer stands by its statement that a Denial of Service (DoS) attack knocked some of its servers offline on Wednesday, but the company managed to bring them back online after a few hours.

The company advised its users to avoid careless use of its service and always:


  • Use a different password for each account.
  • Use two-factor authentication.
  • Use a password manager.
  • Don't tell other people your passwords.

Moreover, TeamViewer also announced two new features on Friday aimed at boosting its users' security after numerous users flocked online to complain about getting hacked through its service.

The two new features are:

  • Trusted Devices
  • Data Integrity

The Trusted Devices feature is specifically designed to prevent hackers from taking over your TeamViewer account. The feature allows you to approve a new device as trusted before it can access an existing TeamViewer account for the first time.

The device approval process is conducted by clicking a validation link sent to the account owner's email address.

The second feature, dubbed Data Integrity, works by automatically monitoring a user's account activity. If it detects any unusual behavior that might suggest the account has been hacked, the service forces users to reset their password.


Here's What You Should Do:


TeamViewer users are strongly recommended to change their account passwords and use a strong one, and of course, NOT to use the same credentials across multiple sites.

I know, remembering different passwords for different accounts is a real pain, but you can use a good password manager to solve this issue.

Meanwhile, users should also ensure their TeamViewer accounts are protected with a randomly generated password that is at least 10 characters long, contains numbers, symbols, and uppercase and lowercase letters, and is unique.
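The password advice above can be checked mechanically. The following is an added example, not part of the original post or any TeamViewer tool: it generates a password that meets the stated rules and audits a set of accounts for weak or reused passwords. The function names and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 10  # minimum length given in the advice above
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def policy_gaps(password: str) -> list:
    """Return the parts of the advice this password does not meet."""
    gaps = [] if len(password) >= MIN_LENGTH else ["too short"]
    gaps += [f"no {name}" for name, chars in CLASSES.items()
             if not any(c in chars for c in password)]
    return gaps


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG that meets the advice above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Draw uniformly and retry on a miss; forcing one character per
        # class into fixed positions would bias the result.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_gaps(candidate):
            return candidate


def audit(vault: dict) -> dict:
    """Map account -> problems, including reuse across accounts."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = policy_gaps(password)
        others = [a for a in by_password[password] if a != account]
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[account] = problems
    return report


# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {"teamviewer": "dadada", "paypal": "dadada",
                "ebay": generate_password()}
```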

It is always a good idea to run the TeamViewer software only when it's truly needed, instead of allowing it to auto-start each time your PC is turned on.

If you have also experienced something fishy with your TeamViewer account, let us know in the comments below.

Thanks and stay blessed!

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

The world came to know about massive data breaches at some of the most popular social media websites, including LinkedIn, MySpace, Tumblr, Fling, and VK.com, when an unknown Russian hacker published the data dumps for sale on an underground black marketplace.

However, these are only the data breaches that have been publicly disclosed by the hacker.

I wonder how many more stolen data sets this Russian hacker, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time at Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.


The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that "these usernames and credentials were not obtained by a Twitter data breach" – their "systems have not been breached," but LeakedSource believed that the data leak was the result of malware.


"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.

But do you remember how Facebook CEO Mark Zuckerberg's Twitter account was compromised?


The hackers obtained Zuck's account credentials from the recent LinkedIn data breach, then cracked his SHA1-hashed password string, tried it on several of his social media accounts and successfully hacked Zuckerberg's Twitter and Pinterest accounts.


So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.


The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remains that hackers may have got their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password. 


Thanks and stay blessed!

Tuesday, 7 June 2016

Facebook Founder Zuckerberg's Twitter, Pinterest Accounts Get Hacked! And the Password Was...

The man who runs the biggest social network and continuously implements new security measures to boost the security of its billion users has himself failed to follow the basics of Internet security for his own online accounts.

Yes, I'm talking about Facebook CEO Mark Zuckerberg, who had his Twitter and Pinterest accounts compromised on Sunday.

The hacker group from Saudi Arabia, dubbed OurMine, claimed responsibility for the hack. And guess how the group did it?


The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string, cracked it, and tried it on several social media accounts.

The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter (@finkd) and Pinterest profiles, defaced their banners with its logo and tweeted out some offensive posts.

Mr. Zuckerberg has not sent a tweet from the account since 2012.

Now, what’s more surprising?

Zuckerberg's LinkedIn password was "dadada", which he also used for his other online accounts, the group tweeted.

So, this might be another alarm for those who haven’t yet changed passwords for their LinkedIn as well as other online accounts that used the same credentials.


In tweets now deleted, the group also claimed to have gained access to Zuck's Instagram account, but Facebook confirmed that the group did not access his Instagram account.


"No Facebook systems or accounts were accessed," a Facebook spokesperson said. "The affected accounts have been re-secured."

More than 167 Million members' email and password combinations were stolen during a 2012 LinkedIn data breach and had just been posted online. The passwords were hashed with the SHA1 algorithm with "no salt", which made it easier for hackers to crack them.
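Why the missing salt matters for whoever stores the passwords, as an added example that is not from the original post or from LinkedIn's code: with bare SHA1, every account using the same password ends up with the same stored value, while a per-user salt and a slow key-derivation function give each account a distinct record. The account names are constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed choice of hardened scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def sha1_unsalted(password: str) -> str:
    """The storage scheme described above: bare SHA1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, deliberately slow record: 'iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_values(table: dict) -> dict:
    """Group accounts by stored value; a group of 2+ exposes password reuse."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {value: users for value, users in groups.items() if len(users) > 1}


# Constructed sample accounts (not real data); two share one password.
USERS = {"alice": "dadada", "bob": "dadada", "carol": "t7#Lq9!vXe2p"}


def demo():
    """Return (reuse visible in the unsalted table, reuse visible in the salted one)."""
    unsalted = {u: sha1_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_password(p) for u, p in USERS.items()}
    return shared_values(unsalted), shared_values(salted)


if __name__ == "__main__":
    print(demo())
```

In the unsalted table one recovered password exposes every account that shares it; in the salted table each record has to be worked on separately, and each guess costs `ITERATIONS` hash rounds.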

Like other data breaches, I suggest you change your password immediately, especially if you use the same password for other websites.



Thanks and stay blessed!