Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 271

Hacking Social Engineering Phishing Scams 271

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile 294

Mobile Phishing Authentication Accountability 294

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords 265

Passwords Encryption Password Management Cryptocurrency 265

Krebs on Security

FEBRUARY 4, 2021

.” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic , some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes. WHAT YOU CAN DO.

Accountability 303

Accountability Hacking Media Mobile 303

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. 13, 2018 bomb threat hoax. domaincontrol.com, and ns18.domaincontrol.com.

DNS 237

DNS Internet Internet Computers and Electronics 237

Krebs on Security

APRIL 14, 2019

The fake site simply forwards all requests on this page to Airbnb.com, and records any usernames and passwords submitted through the site. This 2018 story from travel blog goatsontheroad.com tells the tale of a couple that was very nearly scammed by a Land Lordz-like trap, before the wife figures out they’re no longer on airbnb.com.

Scams 245

Scams Advertising Accountability Phishing 245

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 350

Cryptocurrency Passwords Encryption Accountability 350