According to the agency, over 800,000 employees of the USPS have had their personal data stolen from the postal service’s servers. When you consider that the USPS employs just under 500,000 people (below 800,000 in the 90’s) then you realize that the data stolen includes both current and former employees of the USPS. The data breach mostly affects employees of the USPS rather than customers who may have done business with them. They do state that the USPS’ customers that have done business with them between the months of July and August may have had their contact information lost, but no credit card or payment data was obtained by the hackers.

The USPS has a long and detailed FAQ that answers consumers questions about the data breach and whether or not their data has been compromised. The interesting thing about this breach is that it isn’t a typical breach where hackers are going after customer data or going after credit card data or passwords. The hackers in this specifically went after the employee data of the USPS and were able to gain access to what appears to be all of it. The USPS isn’t clearly saying what employee data had been stolen, but the USPS official release states that it the data stolen includes, “The employee information potentially compromised in the incident included some employee personally identifiable information (PII), such as names, dates of birth, Social Security numbers, addresses and other information including beginning and end dates of employment, and emergency contact information.”

The other huge problem with this breach is that the USPS did not communicate this breach, which occurred in mid-September until now, almost two whole months later. This would mean that the employees that got hacked have had their information out and about without their knowledge for the past two months which means anyone could have caused financial ruin for the employees of the USPS. The fact is that the American Postal Workers Union should be absolutely up in arms about this and should sue the USPS for breaching their duty to protect and properly notify their employees of such risks in a timely fashion. We’ve already gotten quite angry with retailers taking a month to tell us that our credit card numbers have been stolen, yet even more personal potentially ruining data was kept from USPS employees for nearly 2 months.

There are currently no official suspects or leads in the case, but some publications are indicating that the attack may have come from Chinese hackers.

There is one more interesting tidbit in this USPS story, and that’s the fact that the USPS has taken this event as an opportunity to take a dig at the New York Times for their piece about the USPS and their involvement in tracking Americans’ mail. Here is the question and answer, verbatim.

Q: I’m concerned about a New York Times article that mentioned “surveillance” of mail. Is this connected with the cyber-intrusion incident and what is meant by “mail covers”?

A: The New York Times article is unrelated to the cyber breach. The New York Times article titled ‘Report Reveals Wider Tracking of Mail in U.S.’ published on Tuesday, October 28, 2014 is extremely disappointing. The article is inaccurate and unfairly presents a one-sided version of the facts. First and foremost, the United State Postal Service respects the privacy of its customers and the sanctity of the mail. Contrary to what is suggested in the article, the Postal Service does not monitor the mail behavior of its customers and it does not maintain any system or program of so-called “surveillance.” Unfortunately, and perhaps to create a news story where there is none, the New York Times article conflates three independent mail programs in order to create the wholly false impression that there is some vast mail monitoring system in operation. While such an assertion may make for a more interesting news article – it is not based on the facts. Mail covers are used for criminal investigations. The increased use of mail covers in 2013 and 2014 is connected to single packages investigated involving illegal drug shipments. Eighty percent of all mail covers in 2014 were related to these important investigations. All other mail covers have actually decreased by more than 30 percent since 2012. It is unfortunate that the New York Times presented such a distorted view of the facts. Its readership would have benefited from a more even-handed approach. The Postal Service processed and delivered 158 billion pieces of mail last year, of which only a tiny percentage was subjected to the mail cover process. The people who need to be concerned about mail covers are those who use the U.S. Mail to ship illegal drugs or who are otherwise breaking the law.

The post USPS Hacked, 800,000 Employees' Info Accessed appeared first on VR World.

So, it seems like Karma has a way of sorting things out in this world and today’s news about MCX’s CurrentC  program already getting hacked pretty much sorts that out. MCX’s CurrentC is supposed to be the retailers’ own version of Apple Pay, a direct competitor in fact. But recently, MCX retailers that already have pre-installed NFC hardware have disabled it in order to prevent Apple Pay from working in their stores. This is because all of the MCX retailers are still wanting to push for their CurrentC solution rather than Apple Pay.

Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.

We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.

What’s amusing about all of this is that it is a replay of what happened with Google Wallet when Google launched it YEARS ago. In fact, talking to tellers about their Apple pay solution at Wholefoods and whether or not it supported Google Wallet, they simply had NO idea it existed or if they supported it. What’s funny is that they seemed shocked that Google Wallet had already existed for years before Apple pay but got virtually no support from retailers and carriers. Sure, there are places where you can regularly pay with Google Wallet, like 7/11, but the reality is that Google Wallet primarily struggled because the carriers didn’t want it to succeed.

The carriers simply didn’t want Google Wallet to succeed because they saw it as a challenger to their own potential NFC payment solutions, especially Verizon. Verizon actually disabled Google Wallet on their version of the Galaxy Nexus and as a result, Google Wallet didn’t work on Verizon’s network for a long time. Why did Verizon do that? Because they had their own Google Wallet competitor, formerly known as ISIS, now known as Softcard. So, in reality, Apple is running into the same opposition that Google did, except they are more loved by consumers and when their ideas are shot down or blocked by competitors it becomes a big deal and consumers get upset and start to organize boycotts.

Either way, the backstory is important to understand why CurrentC, Apple Pay and Google Wallet are at odds with each other, but it doesn’t change the fact that Google Wallet and Apple Pay are clearly more secure solutions than MCX’s own CurrentC which appears to be insecure well before its launch. Nobody is going to want to use a technology like CurrentC if they can’t protect consumers, ESPECIALLY when CurrentC does not connect to a credit card but rather directly to a debit card meaning that if anyone were to ever hack your CurrentC account they would have immediate access to your own money and could clear out your bank account. This is one of the biggest complaints about CurrentC right now, and a lot of people are right to be uneasy about it.

If you want to learn more about CurrentC, we recommend you check out their FAQ where they answer a lot of questions, some poorly albeit.

Some good examples of their confusing FAQs are the fact that they mention that they support credit cards, but then they say that they will support credit cards in the future. They have no problems supporting debit cards and checking accounts though.

• Provide consumers with multiple ways to pay at their favorite merchants, including merchant gift cards, credit cards and debit accounts and personal checking accounts. MCX has plans to add additional forms of payment, including credit cards.

Then they talk about merchant exclusivity…

Does MCX Require its Merchants to Only Offer CurrentCTM?

MCX merchants make their own decisions about what solutions they want to bring to their customers; the choice is theirs. When merchants choose to work with MCX, they choose to do so exclusively and we’re proud of the long list of merchants who have partnered with us. Importantly, if a merchant decides to stop working with MCX, there are no fines.

They say that merchants can make their own decisions about what solutions they want to bring to consumers, but then they say that merchants that choose to work with MCX choose to do so exclusively. Meaning, they want you to believe that merchants can pick between solutions, but what they really mean is that you can pick to use MCX or not, and if you do, you can’t really use anything else because that’s how it works. CurrentC is really an awful solution for consumers and is purely designed for the retailers to maximize their profitability and control. MCX is a retailer platform while Apple Pay and Google Wallet are consumer platforms.

The post CurrentC, Apple Pay Competitor, Already Hacked appeared first on VR World.

Update: Dropbox denies that it was hacked and posted the following on its blog.

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

In a recent Pastebin posting, an anonymous hacker, who is asking for BTC donations to post more account usernames and passwords. He or she has already posted hundreds of account credentials, which check out to be authentic accounts if you test any of them out. The irony of this situation is that Dropbox had just recently posted a blog about now getting baited by phishing or malware on their website. Obviously, the 6,937,081 accounts that have supposedly been compromised are not all going to be the result of phishing or malware, but very likely due to some vulnerability in Dropbox’s own systems.

Most of the passwords that people have tested are expired passwords and may be flagged by Dropbox’s own systems as vulnerable accounts. Up until the time of publication, Dropbox has not published any official statements on their website or twitter account, but if you want to ensure that your Dropbox account is safe from account hacking you should enable 2 factor authentication (2FA). This means that even if someone has access to your username and password, they will still need to authenticate through your phone or an email account. This is a mandatory safeguard to keep yourself protected from such major password hacks and obviously, you need to enable it if you are serious about your own security.

Dropbox has recently also come under scrutiny from people like Edward Snowden who claim that the service is unsafe for people to use without government spying. They also have the former Secretary of State and National Security Advisor, Condoleezza Rice, on their board of directors which is seen as a very anti-privacy move considering that she was involved in many of the spying programs implemented today in one way or another

The post Hacker Claims to Have Access to 7 Million Dropbox Accounts appeared first on VR World.