Hackers access real Fitbit user accounts to steal devices, concerns over the security of baby monitors continue to grow and the feds uncover data theft at Time Warner Cable. All this and more in The Month in Hacks.
Fitbit Users Call for 2FA After Accounts Penetrated
CNBC reported on January 8 that criminals used leaked email addresses and passwords from third-party sites to access the accounts of Fitbit users. Once inside the accounts, the fraudsters updated addresses and log-in credentials so they could steal replacement devices under the warranty program. Responding to rumors that the hackers accessed customer GPS data, which tracks a variety of user movements from running routes to sleeping patterns, a company spokeswoman stated that an investigation found no evidence of a GPS data breach, adding,“We take the security of our customers’ accounts very seriously.” Fitbit customers did however voice their concerns about the company’s user verification process and lack of better authentication, which could have alerted them when their account was accessed and credentials changed.
TWC Says Phishing or Third Party Hack Cause of Breach
Venture Beat reported on January 6 that Time Warner Cable has notified 320,000 customers of a possible data breach. Affected customers were asked to update their passwords following a breach focused on the telecommunications giant’s Roadrunner email accounts. The FBI alerted Time Warner of the hack, which the company speculates is the result of a possible phishing scam or attack on a third party server, but they are not yet aware of how the breach succeeded.
Fast Food Fiends: Wendy’s Hit by Card Data Breach
That Junior Bacon Cheeseburger may have cost more than 99 cents following the theft of customer card data at fast food chain Wendy’s. After swiping their cards at the restaurant, customers reported unusual account activity that looks like their cards were used later for unauthorized purchases. The company told WJXT News 4 JAX on January 28 that it is working with cybersecurity experts to determine what happened. Anyone who used a card at Wendy’s is encouraged to check their bank statement for fraudulent activity.
Baby Monitor Hacking Concerns Grow
The NYC Department of Consumer Affairs (DCA) has urged parents to increase security on their baby monitors, reported NBC News on January 27. DCA Commissioner Julie Menin issued a public statement declaring, “”Video monitors are intended to give parents peace of mind, (but) if they aren’t secure, they can provide easy access for predators to watch and even speak to our children.” Menin’s statement came in response to numerous reports that parents heard hackers talking to their children at night through the breached monitors. Because many wi-fi enabled baby monitor accounts are accessed through username and password only, they are vulnerable to unauthorized access. Parents are encouraged to strengthen passwords and update them regularly. Other advice for consumers includes regularly downloading software updates and turning the devices off when they are not in use. Manufacturers of the devices have also been urged to increase security on their end, with many hoping they consider investments in protecting account access through two-factor authentication.