1 reply to this topic

[CNJRoss]

Cybernews, 6/18/24

Amtrak discloses data breach, users urged to reset passwords

 

US passenger railroad service Amtrak, which operates intercity rail services in nearly all states, has started informing some customers of a data breach.

 

“We recently learned that an unauthorized party may have used your login credentials to gain access to your Amtrak Guest Rewards account,” the company said.

 

The unusual activity was observed between May 15th, 2024, and May 18th, 2024. Amtrak insists that login credentials were likely obtained from third-party sources rather than Amtrak’s systems.

 

The data breach notification letter to the authorities in Massachusetts doesn’t disclose how many customers might have been affected by the security incident.

 

Continue here.  

[CNJRoss]

The Register, London, UK 6/19/24

 

Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs

 

Railco goes full steam ahead with notification letters to Rewards users about spilled card details and more

 

US rail service Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their individual account security. 

 

The three-day attack took place between May 15-18. Miscreants were breaking into accounts using valid credentials that were sourced from "third-party sources," said Amtrak, which added there was no reason to believe its own systems were compromised.

 

In other words, credential stuffing: That's where scumbags get hold of people's usernames and passwords from one compromised database or system, and use them to unlock access to accounts at other places where netizens have reused the same credential combination. That's why everyone's encouraged to use unique passwords per account as well as multi-factor authentication. 

 

 

Continue here.