Someone snuck skimmers into Safeway stores
Some Safeway customers in California and Colorado who used debit/credit cards have had their card numbers and PINs slurped up by criminals who then took the cards out for spending sprees.
Cops covertly buy stolen cards from underground sites to figure out where they came from, and so these sites implement security measures that try to figure out whether a purchaser is an undercover cop, and refuse to sell to them if they trip a positive result.
Mostly it's your record locator and frequent flier number, but with that, an attacker can access the ticket record, see your future flights, your email address, and the details of the emergency contacts you'd added to the reservation.
Security blogger Brian Krebs is among those hot on the trail, and he "may have a new lead," according to the New York Times.
On Wednesday, Brian Krebs, the well-known security blogger, posited a new theory about who may have hacked the site, which helps arrange extramarital affairs.
Emails sent by the "have an affair" dating network's CEO suggest the firm "hacked" rival Nerve.com in 2012, taking its user database.
Brian Krebs:
"They did a very lousy job building their platform. I got their entire user base," [Ashley Madison CTO Raja] Bhatia told [CEO Noel] Biderman via email, including in the message a link to a Github archive with a sample of the database.
A vast data dump, purportedly exposing millions of users of a hookup service for cheating spouses, has been confirmed.
In a statement, Ashley Madison spokesman Anthony Macri (right) said the dump was a criminal act. He didn't mention that the company had kept the data, for reasons unknown, after charging its users to have it permanently deleted.
"A group of ethnic North Koreans residing in Japan known as the Chongryon are critical to North Korea’s cyber and intelligence programs, and help generate hard currency for the regime."
"The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures," writes Brian Krebs.
There are many points of security failure along the way that leave your financial data vulnerable to theft.
Enough Hilton HHonors points to cover $1200 worth of stays can be bought for $12, and the crooks who're inside your account can use your associated credit-card to buy more points and more hotel rooms for themselves.
The older machines — about half of them running Windows XP, which no longer receives security updates — are very vulnerable to "jackpotting" attacks where criminals trick the machines into paying out money without correctly debiting any account, to the tune of millions.
Someone sent Brian Krebs an envelope of counterfeit $100 and $50 bills, apparently manufactured by Mrmouse, the counterfeiter whom Krebs outed for selling his notes openly on Reddit.
Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims.
The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.
A 16-year-old Canadian male has been arrested for calling in over 30 "swattings," bomb threats and other hoax calls to emergency services in North America. The young man is alleged to be the operator of @ProbablyOnion on Twitter, which had previously advertised swattings (sending SWAT teams to your enemies' homes by reporting phony hostage-takings there, advising police that someone matching your victim's description is on the scene, armed and out of control) as a service, and had bragged of swatting computer crime journalist Brian Krebs twice.
The news that Target stores lost 110 million customers' credit card details in a hacker intrusion has illustrated just how grave a risk malicious software presents to the average person and the businesses they patronize. Brian Krebs has good, early details on the software that the hackers used on infected point-of-sale terminals at Target, and some good investigative guesses about who planted it there and how they operated it.
"Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards," reports Brian Krebs at the Krebs on Security blog.
Security researcher Brian Krebs reported yesterday that Target was investigating a data breach "potentially involving millions of customer credit and debit card records." Target confirmed this morning that 40 million such records were stolen.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence.
Brian Krebs proposes that software vendors should be forced to pay a bounty on all newly discovered vulnerabilities in their products at rates that exceed those paid by spy agencies and criminal gangs. He says that the bill for this would be substantially less than one percent of gross revenues, and that it would represent a massive overall savings when you factor in the cost to all the businesses and individuals who are harmed by security vulnerabilities.
Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves' service called Superget.info. Superget specialized in supplying identity thieves with "fullz" — full records of their victims, useful for impersonating them and for knowing where their assets are.