Naked Security

News in brief: cryptocurrency exchange hacked; laptop ban further eased; AA under fire over data breach

Your daily round-up of some of the other stories in the news


Bithumb exchange hacked

Hard on the heels of the news that users of Classic Ether Wallet had had their wallets emptied thanks to a domain hijacking came news of another cryptocurrency heist, with South Korean users of Bithumb, one of the world’s largest cryptocurrency exchanges, the hardest hit.

Bithumb, which is South Korea’s largest Bitcoin and Ethereum exchange, said it would compensate users after announcing that the personal details of more than 30,000 of its users were stolen in a data breach.

Bithumb initially said in a blog post (in Korean) that it would cover losses of up to 100,000 Won ($87), but some victims may well have had much more stolen, with one user claiming to have had 1.2bn Won taken.

The breach is thought to date from February, with Bithumb only discovering it and reporting it to the authorities in June. Coindesk reported that both the Korea Internet and Security Agency and the Korea Communications Commission were involved in the investigation.

More airlines end laptop ban

More good news for travellers to the US as two more Middle Eastern airlines said that they had lifted the laptop ban on their flights to the United States. The ban on devices bigger than a smartphone has been scrapped with immediate effect, said both Emirates and Turkish Airlines on Wednesday.

Emirates, which flies to 12 American cities, told the BBC that it had worked with US officials to meet new security standards at its Dubai hub, while Istanbul airport, Turkish Airlines’ home, has also tightened up its security screening.

Neither airline went into any detail about the heightened security measures, but the BBC reported that officials from both the US and the UK – which also has a similar ban in place on electronic devices in the cabin – had visited Istanbul airport earlier this week.

Etihad said at the weekend that its flights from its Abu Dhabi hub were now exempt from the ban, which leaves flights from Qatar, Morocco, Jordan, Egypt, Saudi Arabia and Kuwait still affected by the ban.

AA under fire over breach

The AA is under fire for the way it handled a data breach in April that exposed 13GB of data comprising the details of more than 100,000 customers of the motoring organisation’s online shop. The cache was visible online for a few days before the AA took it down, saying at the time that no sensitive information had been exposed.

However, security researcher Troy Hunt analysed the cache and found that it revealed the email addresses, names, credit card expiry dates and the final four digits of those cards, and told the BBC that he had confirmed that the details did indeed belong to “customers of the AA and they never received a notification about the data exposure”.

The AA blamed a “server misconfiguration” and at the time said it takes “any data issues incredibly seriously and would like to reassure our AA Shop customers that their payment details have not been compromised”.

This is the second time in the space of a fortnight that the AA has been under the spotlight: last week it emailed its members a warning to reset their passwords, which the recipients duly went ahead and did – and promptly crashed the AA’s servers.

Catch up with all of today’s stories on Naked Security


6 Comments

$87? Real banks cover much more per savings deposit account; UK 85,000 GBP, US = 100,000 US, UE = 100,000 EUR. Something to consider if your life savings are not in a nation-backed currency.

Reply

Abbreviations without full expansion are bad. AA?

Here in the USA (United States of America) that’s either Alcoholics Anonymous or American Airlines. A PII breach of either would be embarrassing, especially the former.

“…customers of the motoring organisation’s online shop….” Here in the USA that’s AAA (American Automobile Association, commonly pronounced Triple-A). I wonder where the one you’ve written about is. Based on the (mis)spelling of “organization” I’m guessing the UK or Oz.

Reply

The AA is actually the name of the organisation, I’m afraid. It used to stand for Automobile Association, which is perhaps a little clearer.

Reply

I agree with Laurence in general. Undefined abbreviations often detract from the message. But if AA is the name of the company, it should not have “The” in front of it.
You would not write “The BP blamed a server misconfiguration”, would you? (BP is no longer an abbreviation, since British Petroleum changed its name to BP.) Companies who change their names to abbreviations should not do so if there are other organisations with the same initials.

Reply
