Passwords and Personal Security - Cyber Security Informer

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack.

Passwords

Passwords Accountability Hacking Education

Chart a course to the passwordless future on World Password Day

SC Magazine

MAY 6, 2021

Today’s columnist, Jasson Casey of Beyond Identity, offers a path for security teams to move off shared secrets and embrace a passwordless world. It’s World Password Day, do the company’s users still rely on passwords? Has the security team replaced them? Eliminate passwords.

Passwords

Passwords Authentication Identity Theft Risk

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

JANUARY 29, 2024

For example, here's Jordan's go at deflecting his role in the ecosystem and yes, this was the entire terms of service: I particularly like this clause: You may only use this tool for your own personal security and data research. You may only search information about yourself, or those you are authorized in writing to do so.

Data breaches

Data breaches Passwords Advertising Personal Security

What Are the Risks of a Data Breach?

Identity IQ

MAY 13, 2024

How to Help Protect Yourself from a Data Breach While the threat to your personal security can be extremely unsettling, regular privacy scans, strong passwords and authentication, updated software, and being mindful as to what you share online, are major preventative measures you can practice daily to significantly help mitigate this risk.

Data breaches

Data breaches Risk Identity Theft Passwords

No, Spotify Wasn't Hacked

Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. No, and the passwords are the very first thing that starts to give it all away. The attack is simple but effective due to the prevalence of password reuse. Clearly a Spotify breach, right? Billions of them, in some cases.

Hacking

Hacking Passwords Accountability Data breaches

Mother of all Breaches may contain NEW breach data

Malwarebytes

JANUARY 31, 2024

These shady services, Hunt says, allow interested parties, including criminals, to access records that contain usernames, passwords (including in clear text), email addresses, and IP addresses. It has Terms of Service that include: You may only use this service for your own personal security and research.

Data breaches

Data breaches Identity Theft Passwords Internet

Weekly Update 125

Troy Hunt

FEBRUARY 8, 2019

But moving forward, it's Microsoft Ignite in Sydney next week and that should be a great event, plus I'm talking about Google's Password Checkup extension and the other credential stuffing list "collections" I keep getting asked about. Twilio is sponsoring my blog this week (they're talking about the PSD2 reg in the EU).

Passwords

Passwords Personal Security

Intimate Partner Threat

Schneier on Security

MARCH 5, 2018

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password.

Passwords

Passwords Accountability Authentication Personal Security

Relax. Internet password books are OK

Malwarebytes

APRIL 1, 2021

Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. Others involve syncing passwords with services such as Dropbox. The big book of passwords.

Passwords

Passwords Internet Internet Password Management

Low Hanging Fruit Ninja: Slashing the Risks of the Human Element

Security Boulevard

AUGUST 20, 2021

A long time ago in a galaxy far, far away, I was not a Security Consultant. And I worked as a corporate Chef for an organization that required very long, complex passwords that had to change every 90 days and could not match your last 6 passwords. I was a Chef. I was super busy, ….

Risk

Risk Passwords Penetration Testing Social Engineering

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

NOVEMBER 22, 2021

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. But simpler passwords are much easier to hack.

Passwords

Passwords Password Management Accountability Data breaches

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

APRIL 26, 2021

I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. The leading B2C VPNs all recognize this and have begun promoting the use of personal VPNs as, essentially, a DIY security tool. Related: Privacy war: Apple vs. Facebook.

B2C

B2C VPN Marketing Antivirus

PCI v4 is coming. Are you ready?

Pen Test Partners

SEPTEMBER 13, 2023

businesses gain the flexibility to define and deploy personalized security measures aligned with their specific cardholder data environment (CDE) setup. The innovative Customised Approach empowers well-established organisations to intricately specify their existing security controls to fulfil the objectives for each requirement.

Authentication

Authentication Passwords Media Encryption

10 Steps to Business Cybersecurity

SiteLock

AUGUST 27, 2021

The most effective security is based on multiple layers of perimeter security, so that if one layer fails you’re still well protected. For example, if you have a policy that prohibits employees from sharing their passwords with other employees, create a fake email that asks employees to confirm their passwords.

Cybersecurity

Cybersecurity Small Business Mobile Passwords

National Cybersecurity Awareness Month – What it Really Means for WordPress Users

SiteLock

AUGUST 27, 2021

If you’re not taking your personal security seriously at every level, that misstep might allow others to gain access to your personal information (like your website login details), and act maliciously to spread their negative results to others. Simple Security Steps to Implement Today. WordPress starts with people.

Cybersecurity

Cybersecurity Small Business Cybercrime Internet

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches

Data breaches Passwords Password Management Accountability

Be Wary of Scammers in the Holiday Season

Security Through Education

DECEMBER 21, 2022

In October, Cybersecurity Awareness Month taught us the importance of safe practices such as the use of multifactor authentication, strong passwords, and VPNs. Only through learning about the tactic’s scammers use can we truly continue to improve our own personal security.

Scams

Scams Phishing Social Engineering Risk

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Krebs on Security

DECEMBER 16, 2021

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many financial institutions and online services rely on text messages to send users a one-time code for multi-factor authentication. Reached for comment, Terpin said his assailant got off easy.

Cryptocurrency

Cryptocurrency Mobile Accountability Scams

The 42M Record kayo.moe Credential Stuffing Data

Troy Hunt

SEPTEMBER 13, 2018

In May last year, I loaded more than 1 billion records from other incidents very similar to this and the real risk it poses to people is that if they've reused their password in multiple places, each of those accounts is now in jeopardy if the username and password appears in one of these lists. Can I provide the password used?

Passwords

Passwords Password Management Data breaches Accountability

Malwarebytes consumer product roundup: The latest

Malwarebytes

NOVEMBER 22, 2023

This allows you to password protect your software so that it can’t be removed remotely. This dashboard provides an easy-to-understand assessment of your computer’s security with a single comprehensive protection score, and clear, expert-driven advice. Here are the innovations we’ve made in our products recently. Trusted Advisor.

Identity Theft

Identity Theft Insurance VPN Mobile

CLEANING UP THE CLUTTER (Pt. 5 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

NOVEMBER 4, 2022

The first pass of your delete list might well be longer than a CVS receipt, because these days the average person has 100 password-protected accounts to manage, but don’t worry!

Accountability

Accountability Marketing B2B Media

Customer Q and A: Advantasure Developers Talk AppSec

Security Boulevard

FEBRUARY 1, 2021

Vladimir : All team members should pay attention to the security of the code they write, but at least one person per team should see the bigger picture throughout the product lifecycle and be responsible for security overall. Personally, security training helps me learn new security attacks and stay up to speed.

Engineering

Engineering Software Technology Risk

Customer Q and A: Advantasure Developers Talk AppSec

Veracode Security

FEBRUARY 1, 2021

Vladimir : All team members should pay attention to the security of the code they write, but at least one person per team should see the bigger picture throughout the product lifecycle and be responsible for security overall. Personally, security training helps me learn new security attacks and stay up to speed.

Engineering

Engineering Software Technology Risk

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Class breaks are endemic to computerized systems, and they're not something that we as users can defend against with better personal security. It didn't matter whether individual accounts had a complicated and hard-to-remember password, or two-factor authentication.

Hacking

Hacking Banking Accountability Government

Cyber Security Informer

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Chart a course to the passwordless future on World Password Day

Trending Sources

The Data Breach "Personal Stash" Ecosystem

What Are the Risks of a Data Breach?

No, Spotify Wasn't Hacked

Mother of all Breaches may contain NEW breach data

Weekly Update 125

Intimate Partner Threat

Relax. Internet password books are OK

Low Hanging Fruit Ninja: Slashing the Risks of the Human Element

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

PCI v4 is coming. Are you ready?

10 Steps to Business Cybersecurity

National Cybersecurity Awareness Month – What it Really Means for WordPress Users

The 773 Million Record "Collection #1" Data Breach

Be Wary of Scammers in the Holiday Season

NY Man Pleads Guilty in $20 Million SIM Swap Theft

The 42M Record kayo.moe Credential Stuffing Data

Malwarebytes consumer product roundup: The latest

CLEANING UP THE CLUTTER (Pt. 5 of “Why Don’t You Go Dox Yourself?”)

Customer Q and A: Advantasure Developers Talk AppSec

Customer Q and A: Advantasure Developers Talk AppSec

On the Twitter Hack

Stay Connected