Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords 259

Passwords Encryption Password Management Cryptocurrency 259

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services.

Accountability 339

Accountability Mobile Banking Passwords 339

Krebs on Security

JANUARY 17, 2019

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. As we can see above, Collection #1 offered by this seller is indeed 87GB in size.

Passwords 53

Passwords Accountability Hacking Password Management 53

Security Affairs

JANUARY 6, 2019

A misconfigured AWS S3 bucket is the root cause of a data leak that impacted 2.4 Blur is a popular password manager developed by the online privacy firm Abine, it also implements private browsing features and masked email. Last week Abine disclosed a data leak that potentially exposed personal information of Blur users.

Passwords 93

Passwords Password Management Advertising Accountability 93

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. On the other hand, the CPRA relies on opt-out consent.

Data collection 52

Data collection Data breaches Password Management Data privacy 52

Security Affairs

SEPTEMBER 25, 2018

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. The experts detected 8.3 billion per month. billion attempts).

Passwords 82

Passwords Data breaches Advertising Password Management 82

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Cryptocurrency 347

Cryptocurrency Passwords Encryption Accountability 347

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. The first domain was “ ns0.idm.net.lb

DNS 265

DNS Internet Internet Government 265

Troy Hunt

JANUARY 16, 2019

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Security Affairs

AUGUST 27, 2020

The timeline of uploads might indicate that these emails have been either stolen or acquired on the black market back in October 2018 , and then gradually decrypted by the owner of the bucket. Attackers can also combine the leaked email addresses with data from other breaches and build more detailed pictures of their potential targets.

Social Engineering 128

Social Engineering Passwords Marketing Phishing 128

Troy Hunt

NOVEMBER 19, 2020

txt" had a small number of email address and password hex pairs. This same pattern appeared over and over again across the other archives and it gives us a pretty good idea of what the data was intended for: credential stuffing. A substantial number, although not even in the top 10 largest breaches already in HIBP.

Passwords 363

Passwords Password Management Accountability Risk 363

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords!

Password Management 265

Password Management Passwords Data breaches Retail 265

Malwarebytes

JUNE 3, 2022

By focusing on this context, we hope that you’ll come away with a stronger understanding about, for instance, why you should use a password manager rather than that you should use a password manager. A video of Kanye West from 2018 purportedly revealed that the rapper and producer’s iPhone passcode was 000000.

Internet 127

Internet Internet Scams Passwords 127

Malwarebytes

MARCH 17, 2021

Several effective Mac-facing miners joined the crypto-rush in 2018. In the 2020 State of Malware Report, Malwarebytes researchers found that Mac malware—primarily backdoors, data stealers, and cryptominers—had risen by 61 percent over the previous year. There was KeRanger ransomware in 2016.

Malware 101

Malware Adware Software Passwords 101

Troy Hunt

JULY 12, 2018

Over recent weeks, I've begun planning the release of the 3rd version of Pwned Passwords. If you cast your mind back, version 1 came along in August last year and contained 320M passwords. It's not a trivial task - crunching the data, updating the counts, dumping it into different formats, uploading tens of GBs (over Aussie internet.),

Passwords 129

Passwords Password Management Data breaches Internet 129

eSecurity Planet

DECEMBER 7, 2023

Cryptographic keys can be random numbers, products of large prime numbers, points on an ellipse, or a password generated by a user. The first is data encrypted throughout the lifecycle of use, which is currently more of a goal than a common practice. The second is data encrypted throughout a transmission from one device to another.

Encryption 110

Encryption Passwords IoT Firewall 110

Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach.

Passwords 273

Passwords Data breaches Password Management Accountability 273

Malwarebytes

MAY 19, 2021

What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” Do they even know they have been breached?

Passwords 123

Passwords Data breaches Government Accountability 123

Adam Levin

FEBRUARY 13, 2019

According to Dailymotion, the attack took the form of a guessing game of sorts, the passwords of some Dailymotion accounts being drawn from a huge number of known login/password combinations, or by using passwords stolen from websites unrelated to Dailymotion. The data used in these attacks could be from different places.

Risk 100

Risk Data breaches Passwords Password Management 100

ForAllSecure

JANUARY 19, 2022

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Maybe you are at an organization that requires you to change your passwords every 90 days or so, and so you have password fatigue -- there are only so many variations you can do every 90 days or so. I must have the password.

Passwords 52

Passwords Authentication Mobile Password Management 52

BH Consulting

FEBRUARY 15, 2024

Its findings included data from Irish businesses, which ranked cyber attacks and data breaches as their top risk they face. Passwords: can’t live with ’em, can’t access vital online services without ’em Passwords were in the news again lately, for all the wrong reasons. million users. It’s downloadable here.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Troy Hunt

FEBRUARY 11, 2019

The 773 Million Record "Collection #1" Data Breach On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". rows of email addresses and passwords in total, but only 1.6B The exposed data included email addresses and passwords stored as salted MD5 hashes. There were 2.7B

Passwords 209

Passwords Data breaches Media InfoSec 209

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

SEPTEMBER 14, 2018

Operator at kayo.moe found a 42M Record Credential Stuffing Data containing email addresses, plain text passwords, and partial credit card info. A huge archive containing email addresses, plain text passwords, and partial credit card data has been found on a free anonymous hosting service, Kayo.moe. Pierluigi Paganini.

Data breaches 97

Data breaches Passwords Advertising Password Management 97

SiteLock

AUGUST 27, 2021

In fact, Ponemon Institute reported that 73% of small businesses that suffered a ransomware attack in 2018 did not pay the ransom because. An automated backup solution can ensure that all the data from your devices and server is backed up regularly. According to Ponemon, 60% of data breaches can be linked to negligence.

Ransomware 98

Ransomware Small Business Backups Encryption 98

Troy Hunt

MAY 29, 2018

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches via both a downloadable file and an online service. 1Password. Thank you, @troyhunt ??

Passwords 238

Passwords Accountability Data breaches Password Management 238

eSecurity Planet

JANUARY 27, 2022

Dashlane Password Manager provides companies with everything they need to onboard new employees, manage permissions and monitor security issues all from one place. Cisco’s acquisition of Duo Security in 2018 gave the networking giant a strong presence in both IAM and zero trust. Learn more about Twingate.

Authentication 128

Authentication Artificial Intelligence Technology Marketing 128

Troy Hunt

FEBRUARY 14, 2018

Getting to the point of all this, the other day I shared a couple of tweets: Tempted to write a smack down on the use of this term versus the reality of where these breaches are sourced from, what do you think? — Troy Hunt (@troyhunt) February 1, 2018. Or take the CloudPets situation - exposed Mongo DB with no credentials on it.

Data breaches 204

Data breaches Passwords Marketing Hacking 204