Troy Hunt

OCTOBER 2, 2020

The vulnerability allow an attacker to hijack any account. On a surface of it, things looked bad: complete account takeover with a very trivial attack. All I needed was for Scott to create an account and let me know the email address he used which in this case, was test@scotthelme.co.uk. Full account takeover.

Accountability 363

Accountability Hacking Passwords InfoSec 363

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 289

Accountability Hacking Media Mobile 289

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Scams 97

Scams Cryptocurrency Accountability Hacking 97

Security Boulevard

APRIL 15, 2024

Almost 600,000 Roku customers had their accounts hacked through two credential stuffing attacks several weeks apart, illustrating the ongoing risks to people who reuse passwords for multiple online accounts. The post Roku: Credential Stuffing Attacks Affect 591,000 Accounts appeared first on Security Boulevard.

Accountability 111

Accountability Passwords Risk Hacking 111

Bleeping Computer

MARCH 15, 2024

The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. [.]

Accountability 124

Accountability Hacking 124

Bleeping Computer

JANUARY 30, 2024

Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. [.]

Accountability 101

Accountability Hacking 101

Bleeping Computer

JANUARY 9, 2024

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [.]

Accountability 117

Accountability Hacking Government 117

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 99

Accountability Scams Hacking Cryptocurrency 99

Security Boulevard

MARCH 10, 2024

In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part.

Media 73

Media Accountability Hacking Malware 73

Bleeping Computer

AUGUST 15, 2023

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. [.]

Accountability 98

Accountability Hacking 98

Krebs on Security

MAY 18, 2019

com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Accountability 220

Accountability Hacking Backups Passwords 220

Schneier on Security

APRIL 9, 2024

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 243

Hacking Government Accountability Technology 243

Bleeping Computer

JANUARY 3, 2024

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.]

Cryptocurrency 129

Cryptocurrency Scams Accountability Hacking 129

SecureWorld News

JANUARY 10, 2024

Securities and Exchange Commission's (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency's cybersecurity practices. Bud Broomhead, CEO of Viakoo, emphasized the broader lessons learned from the hack.

Accountability 91

Accountability Hacking Marketing Cryptocurrency 91

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking 244

Hacking Accountability Passwords Cybersecurity 244

The Hacker News

JANUARY 3, 2024

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached.

Scams 88

Scams Accountability Hacking Cryptocurrency 88

Security Boulevard

JANUARY 23, 2024

The bad actor who hacked into the X account of the Securities and Exchange Commission earlier this month gained access through a SIM swapping attack on the agency’s phone linked to the account. The post SEC X Account Hack is a Case of SIM Swapping appeared first on Security Boulevard.

Accountability 76

Accountability Hacking Wireless Scams 76

Security Boulevard

JANUARY 21, 2024

Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media 76

Media Accountability Hacking Scams 76

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. ” reads the press release published by the company.

Accountability 99

Accountability Passwords Data breaches Authentication 99

The Hacker News

MARCH 25, 2024

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of

Passwords 93

Passwords Hacking Accountability Software 93

Graham Cluley

FEBRUARY 28, 2024

Matthew Perry's official Twitter account was hijacked by scammers this week who attempted to solicit donations from well-meaning fans of the much-loved late actor. The post asked for cryptocurrency donations "to support our mission in battling addiction." Read more in my article on the Hot for Security blog.

Cryptocurrency 94

Cryptocurrency Accountability Hacking Scams 94

The Hacker News

JANUARY 10, 2024

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group.

Accountability 86

Accountability Hacking Authentication Passwords 86

Bleeping Computer

MARCH 6, 2024

Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [.]

Accountability 106

Accountability Retail Hacking Passwords 106

We Live Security

SEPTEMBER 26, 2022

Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again). The post What happens with a hacked Instagram account – and how to recover it appeared first on WeLiveSecurity.

Accountability 145

Accountability Hacking 145

Bleeping Computer

JANUARY 3, 2024

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [.]

Cryptocurrency 118

Cryptocurrency Scams Accountability Hacking 118

Bleeping Computer

SEPTEMBER 7, 2022

Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website. [.].

Accountability 135

Accountability Hacking 135

Bleeping Computer

JANUARY 8, 2024

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [.]

Accountability 123

Accountability Cryptocurrency Scams Hacking 123

Heimadal Security

OCTOBER 28, 2022

The American news outlet New York Post confirmed today that it was hacked after threat actors used their website and Twitter account to publish offensive headlines and tweets directed at U.S. New York Post took to Twitter to make the announcement about the hack after it deleted all the offensive tweets targeted […].

Accountability 107

Accountability Hacking Cybersecurity 107

Bleeping Computer

JANUARY 26, 2024

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. [.]

Accountability 139

Accountability Hacking 139

Bleeping Computer

MAY 18, 2023

The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin had been charged with hacking into the accounts of around 60,000 users of the DraftKings sports betting website in November 2022. [.]

Accountability 112

Accountability Hacking 112

Bleeping Computer

APRIL 11, 2024

federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [.] CISA has issued a new emergency directive ordering U.S.

Risk 123

Risk Hacking Accountability 123

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 131

Accountability Hacking Banking Government 131

Bleeping Computer

NOVEMBER 29, 2023

million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft. [.] Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2

Accountability 90

Accountability Hacking Cryptocurrency 90

Security Affairs

FEBRUARY 29, 2024

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. Use this code to log in/reset the FB account password for the user account.”

Accountability 144

Accountability Passwords Hacking Information Security 144

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. Scavuzzo said the administrator’s account was hijacked even though she had multi-factor authentication turned on.

Hacking 269

Hacking Scams Accountability Cryptocurrency 269

Security Affairs

JANUARY 10, 2024

Threat actors hacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish the fake news on the Bitcoin ETF approval. Hackers hijacked the X account of the US Securities and Exchange Commission (SEC) and used it to publish fake news on the Bitcoin ETF approval. ” Gensler wrote.

Accountability 98

Accountability Hacking Cryptocurrency Surveillance 98

Graham Cluley

JANUARY 10, 2024

The safety team at Twitter has responded to the high profile hack of the SEC Twitter account, which made headlines around the world. And what do they have to say? Well, in a nutshell - "it's not our fault. They lost control of their mobile phone number and didn't have 2FA enabled."

Accountability 82

Accountability Hacking Mobile 82