A data breach notice filed with Maine’s attorney general said the fashion giant was hacked over a three-month period beginning early January 2023, during which intruders obtained files from its systems. This data included the personal information of current and former employees, said Lorena Terroba Urruchua, a spokesperson for Forever 21 via public relations firm FTI Consulting, in an email to TechCrunch.
Research by ESET found that the Android app, “iRecorder — Screen Recorder,” introduced the malicious code as an app update almost a year after it was first listed on Google Play. The code, according to ESET, allowed the app to stealthily upload a minute of ambient audio from the device’s microphone every 15 minutes, as well as exfiltrate documents, web pages and media files from the user’s phone.
According to TikTok, "many of the major components of Project Texas are already operational, and we will continue bringing more parts of the initiative online in the coming weeks and months." This comes amid continued scrutiny of the service by the US government, and an impending ban of the service in Montana (TikTok has sued to stop the latter).
WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.
The team at the newly popular Twitter alternative Hive is in over its head. The company has now taken the fairly radical step of fully shutting down its servers for a couple of days in response to concerns raised by security researchers who discovered a number of critical vulnerabilities on Hive, several of which they say remain unfixed. The issues they found would allow attackers access to all data, including private posts and messages, shared media and even deleted direct messages, as well as the ability to edit other people’s Hive posts.
“Blizzard originally made SMS Protect, which requires players to link a phone number to their Battle.net accounts, a requirement to access Overwatch as a way to make it harder for people to cheat or to troll others. It doesn’t always work with numbers associated with prepaid plans, though, and therein lies the problem. While some Mint customers were able able to link their numbers to SMS Protect just fine, players on Cricket seem to be completely locked out of the game. As Kotaku reports, fans feel like they’re being punished or shamed for ‘being poor.'”
Rockstar Games has confirmed that it recently “suffered a network intrusion” that resulted in the massive leak of 90 videos of early development versions of Grand Theft Auto 6. The company said in an official statement on Monday morning that the intrusion resulted in “an unauthorized third party illegally” accessing and downloading “confidential information from our systems,” though it adds that they don’t anticipate this will have any effect on its ongoing live game services or development timeline.
