Cybersecurity news headlines for May 15-31, 2019
Cybersecurity news headlines for May 15-31, 2019
To continue our May edition of cybersecurity news headlines, we discuss Google’s habit of tracking your purchases and how the company kept unhashed passwords of G Suite users for 14 years, as well as a serious security breach in drive-thru restaurant Checkers.
Google revealed to have stored G Suite unhashed passwords for 14 years
Tech giant Google has revealed that it had stored some of its enterprise customers’ passwords in unhashed form for nearly 14 years. It should be noted that this only affected an undisclosed number of G Suite enterprise customers, not regular Gmail accounts. Google did not reveal the number of G Suite customers affected, but overall there are around 5 million enterprise customers using G Suite.
“Google’s policy is to store your passwords with cryptographic hashes that mask those passwords to ensure their security. However, we recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Google’s VP of Engineering Suzanne Frey said in statement linked above.
According to Google, they made an error and accidentally stored unhashed passwords between 2005 and 2019. Typically, Google hashes passwords, which makes it impossible for anyone to actually see what they are. However, a bug made it so that passwords, while stored securely in Google’s encrypted systems, were not hashed.
The issue has been fixed, and it bears mentioning that neither Google employees or nor anyone else could have accessed the passwords as they were encrypted. Google further reassures its customers that there is no evidence to suggest that someone had accessed the passwords or misused them in any way. Enterprise administrators have been notified and are being prompted to change their passwords.
Google tracks what you purchase via your Gmail account
If you have ever wondered what kind of purchases you made two/three years ago, it turns out you can check via your Google account. Simply navigate to a page called “Purchases” in your Google account, and there it is, a list of things you have bought, dating back to whenever you first used your Gmail account to receive a receipt. We’re not talking about things you have bought via Google Play. The list will show all purchases, whether they were made via Google Play, Amazon, or anywhere else, as long as a receipt was emailed to your Gmail account. Among the purchases, you will also find subscriptions and bookings.
Google has said that purchase information is not being used to generate ads, but instead is meant to help users keep track of their purchases. However, it does not seem that an option to disable this feature is currently available. Furthermore, if users wanted to delete the data they would have to do it one by one, which means that if they’ve used their email for a while, it will take them a long time to clear the purchase history. They would also be deleting the email with the receipt if they remove a purchase.
While this feature may be helpful to some users, it’s rather invasive, particularly because there does not seem to be an opt out feature. For users who want to check whether Google has their purchase information, they can check here.
Drive-thru restaurant Checkers reveals security breach
Drive-thru restaurant chain Checkers and Rally’s recently revealed that by infecting point-of-sale (POS) systems, attackers were able to steal payment card information of customers from more than 100 Checkers locations.
According to the statement, an investigation was launched immediately after the potential issue was noticed, and it was determined that malware had been installed on POS systems at certain Checkers and Rally’s restaurants. This enabled attackers to steal payment card information of guests of some Checkers locations. List of affected locations can be found here.
“Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests,” the statement reads.
The malware essentially collected information stored on the magnetic stripes of payment cards, which includes cardholder name, card verification code, card number and expiration date. Checkers goes on to explain that no other personal information was affected.
Law enforcement agencies have been informed about the incident, and Checkers is coordinating with payment card companies in order to protect cardholders. It is advised that customers regularly review account statements in order to spot any unauthorized transactions.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.