France's Hadopi suspends service after leak

France’s official P2P monitoring firm hacked,Hadopi suspends service after leak

The French government has temporarily suspended its reliance on the company designated to monitor file-sharing networks for copyright scofflaws following reports that a hack on its servers may have leaked sensitive information.
Eric Walter, France’s secretary general of internet piracy, made the announcement over Twitter on Tuesday, saying that Hadopi, short for the High Authority for the dissemination of works and the protection of rights, was taking control of Trident Media Guard “following the leak of IP addresses.”
TMG monitors peer-to-peer networks under France’s three-strikes anti-piracy law. Under the program, illegal file-sharers receive three warnings and are then reported to a judge, who is authorized to mete out a variety of punishments, including disconnecting a person’s internet connection. UK lawmakers have mulled a similar monitoring system, although it currently doesn’t carry the threat of disconnection.
The TMG data leak was discovered by security researcher Olivier Laurelli, aka Bluetouff, and first reported on the French blog (Bing translation here).
It remains unclear just how serious the leak from TMG was. As a government-sanctioned collector of IP addresses trading music, pictures and other media over file-sharing networks, it could possess a wealth of sensitive information about French citizens. But according to news reports published on Tuesday (Google translation here) TMG has said “no personal data was disclosed” and that the hacked machine was a test server.”
Over the weekend, TorrentFreak reported that the TMG server leaked scripts, p2p clients to generate fake peers and internal IP addresses used in its datacenter. An update on Tuesday said that “as the contents of the leak were examined in more detail, it became evident that TMG had not only leaked out its own data, but that belonging to the subjects of their monitoring.”
The so-far unproven allegations that TMG leaked sensitive information are vaguely reminiscent of the hack on anti-piracy law firm ACS:Law of the UK, which resulted in fines being levied against the firm’s principal for leaking “sensitive personal details relating to thousands.”

Facebook, data leak …. or not

Symantec (a computer security company) announced few days ago finding a potentially huge breach, from a faulty API used by developers of Facebook applications. It caused “hundreds of thousands” of Facebook applications to accidentally expose the so-called access tokens that are granted by users to Facebook applications. “Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.,” the researchers said.


The controversy is open as Facebook denies privacy breach allegations by Symantec.“No personal data could have been passed to third parties”, the company says. The company which recently admitted 7.5 Million users are kids.


But while denying Facebook has now fixed the problem, but it could still be a big problem for users, according to Symantec. That’s because these tokens may still be in circulation, stored in server log files or in other places on the Web. One of these access tokens will keep working until the Facebook user changes his password, so Symantec said that concerned users should change their Facebook passwords, like “changing the lock” on their Facebook account.


Symantec announce and issue details available here


Sony leaked 12,700 credit card account numbers

Following up on this morning’s news that Sony Online Entertainment servers were offline across the board, SOE announced that it has lost 12,700 customer credit card numbers as the result of the PSN attack, and roughly 24.6 million accounts may have been breached.

SOE has provided the following statement, in which it confirms that its user data was stolen as part of the original intrusion — not a second attack. “While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps. The intrusions were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April.”

Sony PlayStation Network data leaked and for sales

Whatever is going on over at the PSN (Sony PlayStation Network) seems pretty serious.As you may know, the PSN has been down for nearly a week.


Hacked and putted down


The Playstation Network has been down for a week due to an intrusion to their system. This is by far the worst downtime that ps3 users have ever experienced.

Hacked and users’ information being compromised
Since an estimated 77 million people have signed up for the service, the scope of the data leak is huge. This has lead to tons of rumors and speculation. And Sony confirmed Tuesday that hackers have managed to obtain personal information including name, address, password, login,email,telephone and possibly including credit cards(while those data were calimed encrypted by Sony).

Hacked for overall potential cost as being over $24 billion
Forbes cites data-security research firm The Ponemon Institute as estimating the “cost of a data breach involving a malicious or criminal act” was, on average, $318 per compromised account. Given the most recent PSN population estimate, that formula puts the potential cost as being over $24 billion.

Hacked and for sales: 2.2 million customers data with their creditcard

People from PSX-Scene forums are reporting that over 2.2 million customers’ names, addresses, phone numbers and credit card information is up for grabs to the highest bidder, including the crucial three digit CVV2 numbers. According to the forum post, rumors are spreading through underground trading forums and on Twitter that the database is for sale, “a large section of the PSN database containing complete personal details along…are being offer up for sale.”

“Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date”


Watchdog blackmailed by hacker: names home addresses and passwords leaked

South Korea’s financial watchdog launched an investigation into the leak of 420,000 customer’s personal information from South Korea’s Hyundai Capital, the consumer finance unit of Hyundai Motor Group.

The company, whose president returned to South Korea from an overseas trip earlier in the day, also began its own probe into the leak, which prompted the firm Friday to ask its 2 million customers to change their passwords to prevent further leaks.

The Seoul-based company, which specializes in personal loans, home mortgages and auto financing, said this week it was blackmailed by an unnamed hacker demanding money in return for not releasing the data.

The company, which stressed that key data required for financial transactions was not leaked, said names and home addresses of as many as 420,000 of its some 2 million customers were stolen. It remains unconfirmed whether their mobile phone numbers or e-mail addresses were disclosed as well.

“Investigators will be dispatched to look into the cause of the breach, the possibility of additional leaks and the contents of stolen information,” an official said.

Police said Sunday that a hacker likely used servers in the Philippines and Brazil.


More information from Reuters

Epsilon hacked and millions of emails compromised

The world’s largest “permissions-based” e-mail marketing company, Epsilon, reported late last week that someone hacked into its computer system and stole an unknown number of e-mail addresses and names.

The scope of this breach is huge, as Epsilon reports sending 40 billion e-mails per year on behalf of its 2,500 clients.Reuters says this is potentially “one of the biggest such breaches in U.S. history.” All customers who signed up to receive e-mails from these companies (see list below) can worry about their data being leaked:

  • TiVo
  • Walgreens
  • US Bank
  • Disney
  • JPMorgan Chase
  • Capital One
  • Citi
  • Home Shopping Network
  • McKinsey & Company
  • Ritz-Carlton Rewards
  • Marriott Rewards
  • New York & Company
  • Brookstone
  • The College Board

Read more about it on TechCrunch

BP reports data leak of 13,000 Gulf victims

BP (the oil giant company) admitted to losing a laptop containing the  private information of approximately 13,000 individuals that had filed claims following the gulf oil spill was reported lost by the company.

Data stored on the lost laptop include the following personnal details:

  • names
  • phone numbers
  • addresses
  • dates of birth
  • social security numbers

for individuals who filed claims related to last year’s disastrous Deepwater Horizon spill. BP has notified the individuals who may be affected and has offered free credit monitoring.

According to a statement from BP spokesman Tom Mueller, “There is no evidence that the laptop or data was targeted or that anyone’s personal data has in fact been compromised or accessed in any way. “We have sent written notice to individuals impacted by this event to inform them about the loss of their personal data and to offer them free credit monitoring services to help protect their personal information,” Mueller added.

A BP spokesperson made the following statement:

BP recently learned that a password-protected laptop computer was lost during business-related travel. This laptop contained personal information such as names, addresses, phone numbers, dates of birth, and Social Security Numbers of approximately 13,000 individuals who filed claims related to the Deepwater Horizon accident. The personal information was in a spreadsheet maintained by BP as part of a tracking process for claims arising from the Deepwater Horizon accident – part of the claims process before the Gulf Coast Claims Facility was established.

The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search. There is no evidence that the laptop or data was targeted or that anyone’s personal data has in fact been compromised or accessed in any way. Our Security team continues to monitor the situation very closely and we are still in touch with authorities in an attempt to recover the laptop.

We have sent written notice to individuals impacted by this event to inform them about the loss of their personal data and to offer them free credit monitoring services to help protect their personal information.

BP takes the protection of personal information very seriously and deeply regrets the loss of the laptop. customers data leaked, the biggest e-commerce sites in the UK, announced some of their customers may have had their personal details leaked online by a third party marketing firm.
Now it has emerged that the names and email addresses of a currently unknown number of users were stolen and subsequently used as targets for spam campaigns. was apparently only made aware of the leak by the customers themselves, who noticed that they had started getting spam emails sent to accounts which were only linked to their purchases.
John Perkins, chief executive of, confirmed the only data to have leaked related to email addresses. customers who were affected are advised to change the passwords on their email accounts as a precaution to ensure total safety.

NASDAQ avoid data leak

In a statement issued by NASDAQ this week, NASDAQ says it learned of the breach through routine monitoring. “We detected suspicious files on the U.S. servers unrelated to our trading systems and determined that our web facing application, Directors Desk, was potentially affected,” the statement says. “We immediately conducted an investigation, which included outside forensic firms and U.S. federal law enforcement. The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers. Our trading platform architecture operates independently from our web-facing services like Directors Desk and at no point was any of NASDAQ OMX’s operated or serviced trading platforms compromised.”

Analytics: IT departments leak most data … usually on a Tuesday

Data leak figures !

According to a survey on insider threats published by security firm Orthus this week, data leak is primarly Internal Data Leak, wich we already knew but more surprisingly, IT staff are the most likely to leak the sensitive data about their own company.

“The insider is most likely to be from the IT or customer services department, uses a mobile PC rather than a desktop computer and more often than not will copy the sensitive data to the local hard drive and walk straight out of the door with it – or webmail a copy to themselves,” wrote the authors.

Orthus based its findings on information extracted from data leakage audits conducted since 2006 on its own customer sites using remote agents: an estimated 500,000 hours of user activity within an unspecified number of mainly UK organisations employing 1,000 or more people.


Key results from this survey:

  • Corporate data leakage was most likely to occur through mobile devices with 68% of all events identified linked to mobile rather than fixed desktop systems.
  • Information Technology and Customer Services Departments had the highest incidence of data leakage.
  • Most incidents of data leakage occur during the extended working day (7-7 Monday to Friday).
  • The applications most favoured by users to remove sensitive data were identified as web mail, instant messaging (IM) and social networking web sites
  • The top 4 data leakage vectors were identified as mobile devices, web mail, removable media and corporate email.
  • All data leakage incidents identified could have been prevented. Existing corporate security policies were not implemented,monitored or enforced.



And some more information available here: