Breach Brief – Landry’s Restaurants, Zynga Apps, Facebook

Breach Brief – Landry’s Restaurants, Zynga Apps, Facebook

Landry’s restaurant chain has announced a data breach of its extensive chain of eateries.

Based in Houston Landry”s owns and operates more than 60 restaurant chains nationwide. The company wrote that the data breach likely affected cards swiped between March 13 and Oct. 17, 2019.

It is likely you have eaten in Landry’s owned established since March of last year. To see the list of their more than 600 restaurants click here.

According to Landry’s the breach most likely happened when servers swiped customers’ credit cards in machines intended to submit food and drink orders to the kitchen and bar, as opposed to separate machines used on “point-of-sale terminals.”

The company said Landry’s Select Club rewards were not involved in the potential breach.

Landry’s advised customers who think they might have been impacted to monitor their credit card statements.

In announcement on its website Landry’s states that it is investigating the incident and has enlisted the help of a leading cyber security firm to assist. The firm was not named. The company also stated that its payment card encryption system worked as designed and that payment card information is safe. However Landry’s did admit that in a few situations waitstaff may have mistakenly swiped payment cards on the order-entry systems. The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems.

Zynga Apps

If you play Words with Friends, Farmville, Hit the Rich, Slots, CSR Racing or Zynga Poker you need to be on the alert.

According to HaveIBeenPwned Zynga was hit with a serious data breach in September 2019. How serious? How about 173 million email addresses, usernames, and passwords. 

Zynga did admit to the hack in September but said nothing until last week about the number of accounts that had been compromised.

So why did Zynga wait so long to tell users? The company’s answer? “No comment.” referring the media to the statement it made in September.

According to The Hacker News and sample data from Gnosticplayers, stolen users’ information includes:

  • Names
  • Email addresses
  • Login IDs
  • Password reset token (if ever requested)
  • Phone numbers (if provided)
  • Facebook ID (if connected)
  • Zynga account ID

According to Zynga no financial information was lost to the hack.

Facebook

Yet again Facebook has reported a data breach. And this one is huge? A cyber security researcher announced that 267 million Facebook users, including user names, phone numbers and Facebook IDs have been exposed online.

According to Bob Diachenko, a cyberthreat intelligence director at Security Discovery based in Ukraine, the data came mostly from U.S. Facebook users and was posted on a searchable database by a group that appeared to be based in Vietnam. The Vietnamese group appeared to be charging for access to the data, but a flaw in their code inadvertently left the database open to all.

Facebook responded by saying the company was looking into the issue. Facebook claims that the information was likely obtained before Facebook made recent changes to better protect people’s information.

Diachenko said that the exposed information, if cross referenced with other databases, could be used for sophisticated spam or phishing attacks. “This is pretty significant because you can start getting a full profile of a person,” Diachenko said of the data.

Diachenko said he contacted the Internet service provider hosting the database and it was removed.