Cybercrime, Password Management and Passwords

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

MAY 4, 2021

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords

Passwords Cybercrime Accountability Password Management

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

NOVEMBER 22, 2021

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Passwords

Passwords Password Management Accountability Data breaches

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Accountability

Operation Endgame

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. The only data we've been provided with is email addresses and disassociated password hashes, that is they don't appear alongside a corresponding address.

Passwords

Passwords Password Management Data breaches Cybercrime

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

Password manager hijacked to deliver malware in supply chain attack

Malwarebytes

APRIL 27, 2021

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios.

Password Management

Password Management Passwords Malware Retail

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

The Silent Breach: How E-Waste Fuels Cybercrime

SecureWorld News

MARCH 27, 2025

In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes , neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime? It's time to change it.

Cybercrime

Cybercrime Computers and Electronics Passwords Hacking

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Security Affairs

MARCH 10, 2025

This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. DoJ, threat actors may have used private keys extracted by cracking the victim’s password vault stolen from the 2022 security breach suffered by an online password manager.

Password Management

Password Management Cryptocurrency Passwords Data breaches

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. ” continues the analysis.

Password Management

Password Management Passwords Malware Marketing

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords

Passwords Password Management Education Accountability

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

This surge highlights a broader trend toward automation in cybercrime and signals that no email platform is immune. Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks.

Phishing

Phishing Artificial Intelligence Password Management Accountability

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business

Small Business Cybersecurity Passwords Scams

Russian Infostealer Gangs Steal 50 Million Passwords

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Millions in Cybercrime Profit. Don’t save passwords in browser. Last month, the U.S.

Passwords

Passwords Cybercrime Malware Marketing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information. A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Macs targeted by info stealers in new era of cyberthreats

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. But in the world of cybercrime, malware features only mean so much.

Malware

Malware Software Passwords Cryptocurrency

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

A focus on cybercrime While people hold a sense of distrust for election-related ads, they also revealed another emotion towards them: Fear. Finally, though Malwarebytes did not directly tie the concept of “cybercrime” to the election itself, survey participants were asked about “cyber interference.”

Scams

Scams Identity Theft Cybercrime Accountability

The sound of you typing on your keyboard could reveal your password

Malwarebytes

DECEMBER 12, 2023

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

Passwords

Passwords Artificial Intelligence Password Management Cybercrime

The sound of you typing on your keyboard could reveal your password

Malwarebytes

DECEMBER 12, 2023

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

Passwords

Passwords Artificial Intelligence Password Management Cybercrime

COMB: Over 3.2 Billion Unique Email and Password Combinations Leaked on Underground Forum

Hot for Security

FEBRUARY 9, 2021

billion user login combinations, was posted on a cybercrime forum last week. The mother of all data leaks, dubbed “Compilation of Many Breaches” (COMB) by its uploader, includes unique email and password combinations from more than 250 previous data breaches, such as Netflix, LinkedIn and Exploit.in. Data leak impact.

Passwords

Passwords Data breaches Accountability Password Management

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Don't reuse passwords for anything important -- and get a password manager to remember them all. Given this, your best option is to turn your efforts toward trying to make sure that your data isn't used against you. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft

Identity Theft Passwords Password Management Authentication

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

DECEMBER 8, 2022

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). Only 28 percent don’t use repeated passwords•Only 20 percent use a password manager. Not using repeated passwords.

Cybersecurity

Cybersecurity Passwords Password Management Ransomware

The danger of data breaches — what you really need to know

Webroot

APRIL 22, 2025

Here are some of the most likely targets for access to consumer data: Healthcare organizations : Healthcare companies are a prime target for cybercrime due to the large amounts of sensitive data they store, which includes personal information and medical records.

Data breaches

Data breaches Identity Theft Passwords Accountability

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Troy Hunt

JUNE 11, 2018

I was contacted by the Cybercrime Bureau of the Estonian Central Criminal Police who were after some assistance notifying individuals impacted by a number of different breaches. In total, there were 655k records affected that are now searchable.

Cryptocurrency

Cryptocurrency Cybercrime Data breaches Passwords

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. 24, Russia invades Ukraine, and fault lines quickly begin to appear in the cybercrime underground. I will also continue to post on LinkedIn about new stories in 2023. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

It involves regularly changing passwords and inventorying sensitive data. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Change passwords regularly. Passwords are easy to steal, and hackers can use them in just a few seconds.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

1 in 10 people do nothing to stay secure and private on vacation

Malwarebytes

MARCH 17, 2025

While Google searches are probably one of the most common tasks for any vacation planning, the results that people see can be manipulated through a type of cybercrime called malvertising , short for “malicious advertising. Use a password manager and 2FA. Your most sensitive accounts shouldnt just have a unique password.

VPN

VPN Passwords Scams Backups

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

FEBRUARY 21, 2025

Password Manager Ensures your passwords are strong and secure, while also making them easy to access and manage. Password Manager Helps you securely store and manage your login credentials. Cybercrime is increasing at an alarming rate, targeting individuals and families just as often as businesses.

Antivirus

Antivirus Identity Theft Cyber threats Phishing

What the Marriott Breach Says About Security

Krebs on Security

DECEMBER 1, 2018

Marriott is offering affected consumers a year’s worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? It probably can’t hurt as long as you’re not expecting it to prevent some kind of bad outcome.

Passwords

Passwords Accountability Malware Phishing

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. The company engaged a leading cybersecurity and forensics firm to investigate the incident, it confirmed that the data breach did not compromise users’ Master Passwords.

Data breaches

Data breaches Password Management Passwords Architecture

LastPass revealed that encrypted password vaults were stolen

Security Affairs

DECEMBER 23, 2022

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. The backup contains both unencrypted data (i.e.

Encryption

Encryption Passwords Data breaches Backups

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Malwarebytes

JUNE 3, 2022

By focusing on this context, we hope that you’ll come away with a stronger understanding about, for instance, why you should use a password manager rather than that you should use a password manager. Do use strong passwords. Here’s what to avoid during Internet Safety Month, and every month after.

Internet

Internet Internet Scams Passwords

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

Password Reuse Risk is Exacerbated by Dark Web Data

Security Boulevard

APRIL 30, 2021

A flood of data to the dark web in the last 12 months has kicked up the cybercrime risk of password reuse. The post Password Reuse Risk is Exacerbated by Dark Web Data appeared first on Security Boulevard. Here's how to protect your data.

Passwords

Passwords Risk Cybercrime Password Management

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level criminals” to advanced adversaries, using various techniques. Browsers allow users to maintain authentication, remember passwords and autofill forms. See the Best Password Management Software & Tools.

Authentication

Authentication Password Management Passwords Malware

Cyber Security Awareness Month: Cyber tune-up checklist

Webroot

OCTOBER 1, 2024

Password best practices One of the best ways to keep your personal data out of the hands of hackers is also one of the simplest. Create strong passwords. Here are some tips for creating unbreakable passwords. Keep it complicated We juggle so many passwords, it’s tempting to use something easy to remember.

Security Awareness

Security Awareness Passwords Backups Password Management

Have I Been Pwned teams with FBI, gives open-source access to code

SC Magazine

MAY 28, 2021

The breach aggregator Have I Been Pwned, one of the most popular tools to test the real-world strength of passwords, made two significant announcements on Friday: A collaboration with the FBI to obtain new, hacked passwords, and contributing some of its code-base to the open-source community. Have I Been Pwned has two main features.

Passwords

Passwords Password Management Small Business Media

CISA Cuts: What They Mean for Cyber Defense for All

SecureWorld News

APRIL 10, 2025

I've seen studies that show that 60 percent of all cybercrimes are attributable to insiders, and it's all too common that terminated employees exfiltrate troves of sensitive data. John DiLullo, CEO at Deepwatch, had this to say, "The blast radius from these cuts at CISA will be massive.

Energy and Utilities

Energy and Utilities Backups Healthcare Cybersecurity

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

The Last Watchdog

FEBRUARY 1, 2019

billion stolen usernames, passwords and other personal data. This is where criminals deploy botnets to automate the injection of surreptitiously obtained usernames and password pairs until they gain fraudulent access to a targeted account. Related: Massive Marriott breach closes out 2018. ” Third-party risks.

Small Business

Small Business Passwords Authentication Accountability

An odd kind of cybercrime: Gift vouchers, medical records, and.food

Malwarebytes

OCTOBER 24, 2022

Foy was able to gain access to many victims’ accounts as they often used the same passwords across more than one account. Grab yourself a password manager. They create and remember strong passwords to prevent reuse, and many will refuse to sign in to bogus websites. A FIDO2 hardware key is the best option.

Cybercrime

Cybercrime Identity Theft Social Engineering Passwords

Dell notifies customers about data breach

Malwarebytes

MAY 10, 2024

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else.

Data breaches

Data breaches Passwords Phishing Big data

The Wages of Password Re-Use: Your Money or Your Life

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

Trending Sources

The Risk of Weak Online Banking Passwords

Operation Endgame

International law enforcement operation dismantled RedLine and Meta infostealers

Password manager hijacked to deliver malware in supply chain attack

The Life Cycle of a Breached Database

The Silent Breach: How E-Waste Fuels Cybercrime

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

The 3 biggest cybersecurity threats to small businesses

Russian Infostealer Gangs Steal 50 Million Passwords

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Macs targeted by info stealers in new era of cyberthreats

Election season raises fears for nearly a third of people who worry their vote could be leaked

The sound of you typing on your keyboard could reveal your password

The sound of you typing on your keyboard could reveal your password

COMB: Over 3.2 Billion Unique Email and Password Combinations Leaked on Underground Forum

Protecting Yourself from Identity Theft

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The danger of data breaches — what you really need to know

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Happy 13th Birthday, KrebsOnSecurity!

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

1 in 10 people do nothing to stay secure and private on vacation

Digital life protection: How Webroot keeps you safe in a constantly changing world

What the Marriott Breach Says About Security

LastPass data breach: threat actors stole a portion of source code

LastPass revealed that encrypted password vaults were stolen

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

New Version of Meduza Stealer Released in Dark Web

Password Reuse Risk is Exacerbated by Dark Web Data

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Cyber Security Awareness Month: Cyber tune-up checklist

Have I Been Pwned teams with FBI, gives open-source access to code

CISA Cuts: What They Mean for Cyber Defense for All

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

An odd kind of cybercrime: Gift vouchers, medical records, and.food

Dell notifies customers about data breach

Stay Connected