article thumbnail

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. LastPass sent this notification to users earlier this week.

Passwords 336
article thumbnail

US charges hacker for breaching brokerage accounts, securities fraud

Bleeping Computer

Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated to over $5,000,000. [.].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. ” Indeed, the theft of $100,000 worth of cryptocurrency in July 2018 was the impetus for my interview with REACT. million customers. ” Sgt.

Mobile 277
article thumbnail

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

.” The exposed information may have included customers’ full name, address, email address, account number, social security number, customer account personal identification number (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed associated with the account.

Mobile 134
article thumbnail

Pwned Passwords, Version 5

Troy Hunt

I wrote about a bunch of them last year in my post on Pwned Passwords in Practice , but it's the work they've done at EVE Online that really stands out: More @EveOnline account security improvements are now live with some nice things from our friends at @1Password. Consistently, I'm hearing the results of this exercise are.

Passwords 273
article thumbnail

SEC Sanctions Several Companies over Email Account Hacking

Hacker Combat

SEC penalized Cambridge Investment Research because more than 121 of their email accounts were hacked between 2018 January and 2021 July. SEC reiterated that Cambridge Investment Research discovered the first breach in 2018 January but took no action to boost email account security until 2021. .

article thumbnail

FEC: Campaigns Can Use Discounted Cybersecurity Services

Krebs on Security

ruling that the software giant could offer “enhanced online account security services to its election-sensitive customers at no additional cost” because Microsoft would be shoring up defenses for its existing customers and not seeking to win favor among political candidates. .”