Tech & Science : Hackers scraped personal data from thousands of women shopping on plus-size clothing sites, and it points to a new trend that a cybersecurity expert calls 'uniquely terrible' - - PressFrom - Australia
  •   
  •   

Tech & Science Hackers scraped personal data from thousands of women shopping on plus-size clothing sites, and it points to a new trend that a cybersecurity expert calls 'uniquely terrible'

19:50  03 december  2019
19:50  03 december  2019 Source:   businessinsider.com.au

Woman stabbed in face during 'domestic disturbance' at Adelaide shopping centre

  Woman stabbed in face during 'domestic disturbance' at Adelaide shopping centre A 29-year-old woman is hospitalised with a stab wound to her face after an apparent domestic violence incident at an Adelaide shopping centre.Police said a man had been arrested following an incident at the Elizabeth Shopping Centre that happened about 7:30am.

  Hackers scraped personal data from thousands of women shopping on plus-size clothing sites, and it points to a new trend that a cybersecurity expert calls 'uniquely terrible'
  • Hackers obtained personal data on thousands of plus-size women, possibly with the aim of scamming them with products like false weight loss supplements, according to cybersecurity firm DynaRisk.
  • The hackers also discussed selling the women's data to third parties for targeted advertising, according to posts made on hacker forums obtained by DynaRisk and viewed by Business Insider.
  • The breach shows how hackers are attempting to cash in on the lucrative personal-data market driven by online advertising.
  • Visit Business Insider's homepage for more stories.

In a message recently uploaded to a dark web forum, a hacker solicited bids on an illegally obtained commodity. This wasn't typical contraband, like drugs or porn - it was a set of personal data from thousands of plus-size women.

Australian fashion brands: Best to worst ranked on ethical clothing

  Australian fashion brands: Best to worst ranked on ethical clothing Myer, Just Jeans, Peter Alexander and Katies have all been labelled 'naughty' for refusing to reveal which factories their clothes are made in.Myer, Just Jeans, Peter Alexander and Katies are among those in Oxfam's worst-performing Naughtiest list, meaning they are refusing to reveal which factories their clothes are made in and have made no commitment to paying living wages.

Others in the dark web forum discussed how to monetise the women's personal data by targeting them with scams meant to sell weight-loss supplements or plus-size clothing. The original poster included a sample set of a few thousand women's data, most of whom lived in the US, suggesting the full set included hundreds of thousands of data points.

The hacker gained unauthorised access to the data from women's clothing websites, according to DynaRisk, a cybersecurity firm who detected the activity and shared its findings with Business Insider. DynaRisk determined that the data was exposed in late August.

ACT Government hacks expose lack of 'basic cyber hygiene' in territory's online security: expert

  ACT Government hacks expose lack of 'basic cyber hygiene' in territory's online security: expert Two hacking attacks on the ACT Government show a "lack of awareness" of "basic cyber hygiene", according to a security expert, who warns smaller governments are a potential target for criminals. ACT Government data was accessed by outside actors twice in less than six months during 2018.In one incident, hackers accessed the ACT Government Directory, containing corporate contact information for thousands of public servants.Some contact cards included personal details, like mobile phone numbers.

The hackers' activity is notable because it reflects a new strategy hackers are using to maximise their profit from illegally obtained data, according to DynaRisk CEO Andrew Martin.

"This is not something we come across every day, and this is really uniquely terrible," Martin said.

Breaches of user data are fairly commonplace, but it's less common for hackers to aggregate data on a specific demographic - in this case, plus-size women - seemingly with the aim of selling the data to bad actors who believe they have a higher chance of marketing specific, possibly fraudulent products to that demographic.

"Most cybercriminals will find a list of 500 million hacked email addresses and they will bombard them with spam, but they don't know what to send them ... in this case, they know a message that might resonate with these women, and they might be seeking out this specific type of product," Martin said.

Should You Trust Online Shopping Apps Like Honey?

  Should You Trust Online Shopping Apps Like Honey? When PayPal announced last month that it would acquire Honey, the browser extension and app that helps you find coupon codes and deals when you shop online, my ears perked up. It wasn’t the news of the acquisition that piqued my interest: it was the fact that PayPal would pay $6 billion, mostly in cash, for the company. What could PayPal possibly want with Honey’s 17 million users? But the answer is obvious: data. The reality of every program you use that finds you deals, discounts, coupons or cash-back rebates is that the service needs to collect information about your shopping habits in order to find those deals and discounts for you.

While the women's data was illegally obtained, the hackers' strategy mirrors a legitimate market driven by the personal data economy. Online advertisers are willing to pay top dollar to companies that aggregate demographic data, like Facebook or Google - Investopedia estimates that Facebook owns as much as $US70 million-worth of personal data.

It's even possible that a legitimate company could use personal data provided by illicit sources like this dark web forum, according to Martin, and it would be almost impossible to track whether the company had done so.

"A company could end up buying a list from a third-party data broker, like a 'grey market' provider, and that company might have a don't ask, don't tell approach ... so these people could be targeted with legitimate products through an illegitimate route," Martin said.

As personal data becomes increasingly lucrative, methods like these are likely to become more common. High-profile hacks and data breaches are on the rise, and selling bundles of demographic data provides yet another incentive for hackers.

Quickly Locate Hard-to-Find Items With This Search Engine For Vintage Clothing .
If you’re shopping for new clothing, then finding the thing you want is a relatively easy proposition. When you’re looking for vintage clothing; however, finding that perfect jacket, bag, or pair of jeans gets a bit more complicated. Gem is a website and app that can help. The site works as a search engine of sorts, but specifically for vintage items. Refinery 29 wrote about the site earlier this week. require(["inlineoutstreamAd", "c.

—   Share news in the SOC. Networks

Topical videos:

usr: 6
This is interesting!