Hackers Infiltrate Anti-Surveillance Site, Crack Parts of LastPass and Phish in N.D.

ShutterPNPhotography/Shutterstock.com

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches:

Microsoft Corp. Site Promoting Anti-Surveillance Policies Compromised

Malicious advertisers, not spies, seem to be responsible for embedding links to casino-related webpages on the website.

The site, “Digital Constitution,” which launched mid-2013 after revelations about domestic spying were leaked by ex-intelligence contractor Edward Snowden, has become a platform for Microsoft's corporate views on government surveillance.Now, though, at the top of the site, there is injected text with keywords -- like "casino,” "blackjack,” and "roulette” -- typically used to generate voluminous search engine hits.

LastPass Password Locker Has Been Compromised – But Don’t Freak Out

The online password manager stores all of a person’s passwords in one location, creating a single point of failure. However, with this newly discovered breach, it seems unlikely hackers, so to speak, broke the bank.  

LastPass says there is “no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”

North Dakota Government System Penetrated by Suspected Criminals

A server holding files from the state’s Workforce Safety and Insurance agency was breached, but officials claim it is unlikely personal information was exfiltrated.

On May 29, unusual activity was identified on the machine. The IT department notified the agency about the incident June 10.

Fraudsters Nab Info on 150 People At U. of Michigan and Go Phishing

After compromising email accounts of some students and staff, scammers, posing as the IRS, sent the victims bogus emails in an attempt to steal even more of their personal information. 

Recipients who clicked on a link in the email messages were tricked into divulging data such as their names, dates of birth, Social Security numbers and passwords. 

The sham emails request that the recipient "validate" personal information by entering it into the phony forms. But the data actually is being collected by criminals.

(Image via ShutterPNPhotography/ Shutterstock.com)