Infected online chat service stole payment info at Best Buy, Delta, Sears, more

Online chat service provider [24]7.ai, used by Delta, Best Buy, and numerous other companies faced a “cyber incident” from September 26 to October 12, 2017. The company didn’t notify its list of clients until last month, stating that hackers may have accessed “certain customer payment information.” SkyMiles, personal data, passport details, and other similar information was not compromised. 

In response, Delta said it took immediate action to assess the possible damage. 

“Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system,” Delta stated. “We also engaged federal law enforcement and forensic teams and have confirmed that the incident was resolved by [24]7.ai last October.” 

[24]7.ai discovered malware collecting payment information in its software on October 12, 2017. The chat service provider implemented a fix immediately, and then conducted an internal investigation with forensics and law enforcement between November 2017 and March 2018. Delta didn’t know about the incident until March 28 and removed the chat tool from its website the next day. Both [24]7.ai and Delta informed the public on April 4. 

The hack possibly affects only a “small subset” of Delta’s customers, but the company can’t confirm if customer data was actually accessed by hackers and compromised. The investigation is ongoing, thus Delta launched a dedicated website to provide the latest developments in the [24]7.ai attack. 

Delta’s site specifically states that malware present in software used by [24]7.ai potentially exposed payment information of several hundred thousand customers using Delta’s PC-accessed website. Even more, customers didn’t have to interact with the chat tool to be hit by the hack. The attack did not affect the Fly Delta app, the mobile website, or Delta’s computers. 

So what did the hackers obtain? Customer names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers who used the Delta Wallet service weren’t affected, as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information. 

“Delta will be working diligently to directly contact customers, including by first-class postal mail, who may have been impacted by the [24]7.ai cyber incident,” Delta states. “Delta will also launch a dedicated phone line and website for the small subset of customers who were impacted so we can address their concerns.” 

Other companies affected by the [24]7.ai cyber incident include Best Buy, Sears Holdings Corp., and more. Sears said it wasn’t notified of the breach until mid-March and believes that the hack affected less than 100,000 customers. Upon notification, Sears informed credit card companies to prevent possible fraud. 

“Customers using a Sears-branded credit card were not impacted,” the company states in a blog. “In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.” 

Best Buy says only a small fraction of its online customer population “could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” 


After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Movies & TV

MoviePass returns to unlimited movies plan, but with plenty of restrictions

Troubled subscription-based movie service MoviePass is making headlines on a daily basis lately, and not in a good way. Here's a timeline of events for the company once described as Netflix for movie theaters.

Google Fi: Phones, plans, pricing, perks, and more explained

Google's wireless service, formerly Project Fi, now goes by the name of Google Fi, and it's now compatible with a majority of Android phones, as well as iPhones. Here's everything you need to know about Google Fi.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. But with so many subreddits to choose from, exploring them can be overwhelming. Here are some of the best subreddits to get you started.

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 

Confused about RSS? Don't be. Here's what it is and how to use it

What is an RSS feed, anyway? This traditional method of following online news is still plenty useful. Let's take a look at what RSS means, and what advantages it has in today's busy world.

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.

You can now listen to Google Podcasts on your desktop without the app

The Google Podcasts app is no longer entirely necessary to listen to the podcasts it offers. With a simple tweak of the sharing URL, you can listen to a Google Podcasts podcast on your desktop or laptop without the app.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Movies & TV

Apple’s next big event is set for March 25: Here’s what you can expect

Apple's next big event takes place on March 25 in Cupertino, California. The company is expected to make several announcements related to its services, including Apple TV, so follow our guide to get ready for the big event.