Walgreen, McDonald’s say e-mail databases breached
Tuesday, December 14, 2010
SAN FRANCISCO (AP) — Walgreen Co., McDonald’s and Twitter reported unrelated security breaches Monday.
Walgreen said hackers who gained access to a list of customer e-mail addresses may have sent spam directing customers to enter personal data into outside websites.
McDonald’s said private information that customers supplied when signing up for online promotions or subscriptions was exposed when a subcontractor improperly handled the data.
And Twitter said hackers broke into an unspecified number of its users’ accounts and sent spam promoting acai berry drinks.
Twitter said the hackers used passwords harvested in an earlier breach at Gawker Media, which runs Gawker, Gizmodo and other technology and media sites. Gawker warned subscribers Sunday that its database had been hacked and urged them to change their passwords. Twitter reset passwords it suspects were compromised.
Twitter said only a small share of its 175 million users were affected, though it didn’t know how many.
The breach highlighted the danger in using a single password for multiple online accounts.
Attacks via networking sites like Twitter and Facebook are popular because they can make spam look as though it was sent by friends, but the effect is similar when spam or data-seeking e-mail seems to come from a trusted merchant.
Walgreen would not say how many customers were affected but told customers that no personal information beyond e-mail addresses was exposed.
“Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the e-mail system, and no access was gained to Walgreen’s consumer data systems,” Walgreen told customers.
Both McDonald’s and Walgreen reminded customers they do not seek personal or financial information by e-mail and cautioned against ever responding to such requests.