Security expert Brian Krebs broke the story of the now-infamous Target data breach. Here are a few other potentially huge security problems he's keeping a watchful eye on.
Sally Beauty Breach Expanding
The number of customers affected by the Sally Beauty data breach may be as much as 10 times higher than the retailer is currently estimating, according to security expert Brian Krebs.
Krebs located a batch of 282,000 stolen credit and debit cards for sale via a popular underground website. Though Sally estimates that "fewer than 25,000" cards have been affected by the breach, Krebs believes most of the stolen cards in that batch are linked to the Sally breach.
By analyzing the zip codes associated with the cards that are confirmed as compromised, Krebs concludes that all 2,600 Sally Beauty locations have likely been affected by the breach. Based on the time lapsed between the cards appearing for sale and the discovery of the breach, he says it is unlikely that number of locations would only have about 10 compromised transactions per store.
Krebs also says that this batch of stolen cards is probably not the last one associated with the breach. This means that, according to Krebs, the confirmed 25,000 cards is only the beginning.
Krebs used this same technique to estimate the scope of the Target data breach.
Possible Data Breach at California DMV
The California Department of Motor Vehicles may have suffered a data breach, according to Krebs.
Several banks in California and elsewhere received an alert from Mastercard about potentially compromised cards that had been used for charges noted as being from the California DMV.
A DMV representative told Krebs that there is no evidence of a direct breach of the agency's computer systems. There is an ongoing investigation with state and federal law enforcement about "any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves."
If the California DMV indeed has suffered a breach, it’s not clear how many customers have been affected.
Microsoft Word Users Vulnerable to Security Attacks
A security hole in Microsoft Word is leaving some users open to attacks, Krebs reports. This type of lapse in security can make users vulnerable to identity theft and bank fraud schemes.
The vulnerability targets Word 2010 users, but is also present in Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011. Users are open to this malicious code even if the attackers' specially crafted text file is just previewed in an email message on Microsoft Outlook.
Microsoft advises implementing security updates immediately. Additionally, Krebs recommends securing your email client, like Outlook, by configuring emails to display in text only.