AT&T Hack Exposes E-Mail Addresses
In June, researchers at Goatse Security uncovered a flaw on AT&T's Website and used it to get their hands on 114,000 e-mail addresses belonging to Apple iPad 3G owners. AT&T was not pleased, and the FBI launched an investigation.
Thieves Hit ECMC
Underscoring the intersection of IT security and physical security, an old-fashioned theft of two safes from the Education Credit Management Corporation endangered personal information belonging to 3.1 million college students. Inside the safes were nearly 650 disks with student information belonging to the corporation, which services and insures college loans. The safes were recovered by police in Minnesota along with what is believed to be all of the disks.
Hackers Tomahawk Apache
Armed with a cross-site scripting vulnerability and a Tiny URL redirect, hackers targeted the open-source Apache Foundation and swiped passwords from the server hosting software Apache uses to track issues and requests.
Pirate Bay Heist
Argentinian hacker Ch Russo and two associates used numerous SQL injection vulnerabilities in the popular file-sharing Website to access the user database, exposing e-mails, user names and IP address information for more than 4 million users. Russo said neither he nor his cohorts did anything to alter or delete information in the database.
WellPoint Breach
A business logic flaw in a third-party program used by health insurer WellPoint opened up 470,000 customer records for exposure. Though the glitch was fixed in March, the company reportedly only learned of the vulnerability when a California customer sued after discovering she could get confidential information about other customers by manipulating Web addresses used in the program.
iTunes Accounts Compromised
Not exactly a hack, but a compromise nonetheless. Security pros believe that 400 phished accounts were used by an iPhone app developer to fraudulently purchase his programs from the Apple App Store and boost their popularity ratings.
Digital River Hack
Records for nearly 200,000 people were swiped from the servers of e-commerce company Digital River. The information included names, e-mail addresses and other data originally gathered by companies offering affiliated marketing programs. In May, the company got a court order to stop a New York man from selling, altering or destroying the data after he was caught trying to sell the information to a marketing firm for $500,000.
Abusing Privileges
In April, the Department of Social Services in Virginia Beach, Va., revealed eight employees were fired or disciplined over the previous year for accessing confidential information about former employees, family members and clients. The violations ran the gamut from a boss who forced her employees to gather information from a state database about her husband's child to a worker who checked the status of a dead client's Medicaid benefits.
Aurora Attack
When Google announced in January it had been breached, it touched off months of controversy and accusations that reached around the world. The cyber-attack is believed to have run from mid-2009 to that December. The attack also affected dozens of other organizations, including Adobe Systems and Juniper Networks.
This has been a busy year for both hackers and computer forensic specialists. Whether it was the 4 million usernames and e-mail addresses swiped in a hack of The Pirate Bay or AT&T's Website hack that exposed the e-mail addresses of iPad 3G owners, the first six months of 2010 are a reminder of the realities of today's IT security landscape. With this backdrop, security professionals will meet the week of July 26 at the Black Hat security conference in Las Vegas to discuss the latest threats and what can be done about them. While each of the most serious hacks and malicious breaches is different, many share a key similarity: insecure code. Others highlight the dangers of phishing and of criminals exploiting potential gaps in physical security. Here are some of the more notable data breaches, hacks and exposures that made the news so far this year.