Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords 269

Passwords Accountability Hacking Education 269

Webroot

APRIL 22, 2025

If a company you do business with becomes part of a data breach, cybercriminals may have full access to your confidential information. Unfortunately, data breaches are on the rise and affecting more companies and consumers than ever. billion people received notices that their information was exposed in a data breach.

Data breaches 72

Data breaches Identity Theft Passwords Accountability 72

Troy Hunt

DECEMBER 20, 2017

This week, I've been writing up my 5-part guide on "Fixing Data Breaches" On Monday I talked about the value of education ; let's try and stop the breach from happening in the first place. Here I had 13m of their customer records (including plain text passwords, thank you very much) that someone had sent me.

Data breaches 249

Data breaches Risk Accountability Data collection 249

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. Infostealers have evolved beyond simple password grabbers. Use unique, complex passwords for every service.

Identity Theft 145

Identity Theft Passwords Accountability Phishing 145

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. The humble password is nothing more than a digital key that opens a door. And they use passwords to open a device, a system, an account, a file and so on. Which begs the question: why do people create their own passwords? Yet most people don’t know how to use them properly.

Passwords 237

Passwords Encryption Phishing Social Engineering 237

Security Affairs

SEPTEMBER 23, 2019

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The company is notifying the incident to its users via email and is forcing a password reset in response to the incident. Pierluigi Paganini.

Data breaches 105

Data breaches Passwords Education Advertising 105

Troy Hunt

DECEMBER 21, 2017

In the first 4 parts of "Fixing Data Breaches", I highlighted education , data ownership and minimisation , the ease of disclosure and bug bounties as ways of addressing the problem. That was in November 2015, a mere 3 months after the Ashley Madison data breach. This is an incident where 4.8

Data breaches 162

Data breaches Education Hacking Passwords 162

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. Hunt also noticed that, when he tried to log into his Mailchimp account by following the phishing emails link, his password manager did not auto-fill his account details.

Phishing 118

Phishing Data breaches Password Management Scams 118

Security Affairs

MAY 21, 2020

Meal delivery service Home Chef has confirmed that it recently suffered a security breach that exposed its customer information. Meal delivery service Home Chef has disclosed a data breach that exposed its customer information. The post Meal delivery service Home Chef discloses data breach appeared first on Security Affairs.

Data breaches 134

Data breaches Passwords Advertising Accountability 134

Malwarebytes

JULY 19, 2024

The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). Through public and private support, it provides no-cost victim assistance and consumer education. Financial services had the most breaches, followed by healthcare.

Data breaches 123

Data breaches Passwords Identity Theft Phishing 123

Malwarebytes

APRIL 16, 2025

This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. Don’t reuse passwords. These account takeover attacks have skyrocketed lately. Protect your PC.

Internet 143

Internet Internet Passwords Artificial Intelligence 143

SecureWorld News

MAY 10, 2022

Even though World Password Day is over, it's never too late to remind your end-users that weak, unimaginative, and easy-to-guess passwords—like "123456," "qwerty," and, well… "password"—are poor options for securing accounts and devices. Improving password best practices matters.

Passwords 98

Passwords Education Password Management Computers and Electronics 98

Security Affairs

MAY 3, 2021

Which are the most common causes of a Data Breach and how to prevent It? Data breaches are highly damaging and equally embarrassing for businesses and consumers. If you look at Verizon’s 2020 Data Breach Investigations Report, you can find some of the most common causes of data breaches.

Data breaches 145

Data breaches Social Engineering Engineering Network Security 145

Troy Hunt

NOVEMBER 19, 2020

txt" had a small number of email address and password hex pairs. This same pattern appeared over and over again across the other archives and it gives us a pretty good idea of what the data was intended for: credential stuffing. A substantial number, although not even in the top 10 largest breaches already in HIBP.

Passwords 364

Passwords Password Management Accountability Risk 364

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Troy Hunt

DECEMBER 19, 2017

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? That is all.

Data breaches 171

Data breaches Data collection B2B Mobile 171

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords 127

Passwords Password Management Education Accountability 127

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164

Passwords Authentication Data breaches Internet 164

Malwarebytes

JUNE 9, 2022

According to Palo Alto Networks , most known cloud data breaches start with misconfigured IAM policies or leaked credentials. Specifically, researchers found that IAM misconfigurations cause 65% of detected cloud data breaches, with the runners up being weak password usage (53%) and allowing password reuse (44%).

Data breaches 119

Data breaches Passwords Malware Education 119

The Last Watchdog

OCTOBER 24, 2022

Employee security awareness is the most important defense against data breaches. It involves regularly changing passwords and inventorying sensitive data. There are several ways you can protect your business from data breaches. Change passwords regularly. Create security awareness for employees.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Troy Hunt

DECEMBER 20, 2017

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. Let's move on and talk about why this makes a lot of sense when it comes to fixing data breaches.

Data breaches 145

Data breaches Marketing Penetration Testing Government 145

Security Affairs

DECEMBER 1, 2022

Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented. Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly.

Data breaches 108

Data breaches Passwords Social Engineering Encryption 108

The Last Watchdog

NOVEMBER 19, 2023

Fluent in American English, a gang member convinced a help desk worker to provide a one-time password to log into the systems. But persuading a poorly trained help desk operator to provide a temporary password isn’t, unfortunately, out of the ordinary. Human error remains a primary failing in upwards of 88 percent of all data breaches.

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310

Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach.

Passwords 279

Passwords Data breaches Password Management Accountability 279

Identity IQ

JANUARY 19, 2021

With all that transpired over the last few months, and even with the SolarWinds cyberattack making headlines , it might be easy to forget that data breaches and hacks continue to expose the personal information of millions. This leaves victims of the data breaches vulnerable to identity theft. million guests were exposed.

Data breaches 105

Data breaches Identity Theft Small Business Passwords 105

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Awareness events foster to shape human attitude, enhance a positive culture against cyber threats, and educate businesses and people about protective measures they can take to secure their sensitive personal data: Enable MFA.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

Identity IQ

MARCH 11, 2021

On average there are three data breaches a day, according to the Identity Theft Resource Center. If you’ve been notified you have been compromised in a data breach or suspect your personal information has been exposed, here are some concrete steps you can take to help protect your critical data.

Data breaches 105

Data breaches Identity Theft VPN Passwords 105

Security Affairs

APRIL 21, 2023

The American Bar Association (ABA) disclosed a data breach, threat actors gained access to older credentials for 1,466,000 members. According to BleepingComputer, 1,466,000 members were impacted by this breach. The bad news is that many members used a default password assigned by the platform and never changed it over the time.

Data breaches 98

Data breaches Passwords Education Accountability 98

Security Affairs

APRIL 14, 2023

Open-source media player software provider Kodi discloses a data breach after threat actors stole its MyBB forum database. Kodi has disclosed a data breach, threat actors have stolen the company’s MyBB forum database that contained data for over 400K users and private messages.

Data breaches 98

Data breaches Backups Passwords Accountability 98

Hacker's King

MAY 24, 2025

No day goes by without risk of data breaches, identity theft, or financial losses to both people and businesses around the world. The startling fact is that more than 55% of breaches stem from credential attack vectors. Credential-based attacks include usernames, passwords, and tokens.

Cyber Attacks 59

Cyber Attacks Passwords Education Phishing 59

SecureWorld News

DECEMBER 12, 2024

Strong Password Management: Enforce strong, unique passwords and multi-factor authentication to protect against unauthorized access. Regular Security Audits and Training: Identify vulnerabilities through audits and educate employees on cybersecurity best practices.

Password Management 109

Password Management Passwords CISO Cybersecurity 109

Identity IQ

MARCH 2, 2021

If you’re still under the impression that hacking is restricted to hoodie-wearing individuals in darkened rooms, then you might be vastly underestimating the scale the data breach problem. . Last year alone more than 300 million consumers were impacted by data breaches, according to the Identity Theft Resource Center.

Data breaches 98

Data breaches Identity Theft Cybercrime Data collection 98

Security Boulevard

JUNE 11, 2021

According to the 2020 Data Breaches report by Verizon, 25% of all breaches involved the use of stolen credentials. Brute force attacks have a similar share, accounting for 18% of all breaches, and 34% of those for small businesses. Why are password attacks like brute forcing so effective?

Passwords 96

Passwords Small Business Data breaches Accountability 96

Malwarebytes

APRIL 27, 2021

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. That attack, which resulted in an $18.5

Password Management 112

Password Management Passwords Malware Retail 112

Identity IQ

AUGUST 30, 2021

T-Mobile’s massive data breach has affected 54 million customers. This most recent T-Mobile data breach is the company’s fourth data breach in the last three years. Unfortunately, data breaches are a frequent occurrence. Hackers regularly trade or sell people’s personal data.

Data breaches 98

Data breaches Mobile Identity Theft Passwords 98

Hacker's King

OCTOBER 26, 2024

Cybersecurity Week is a global initiative that brings together various stakeholders—government agencies, educational institutions, and private companies—to promote understanding and awareness of cybersecurity issues. These sessions not only educate participants but also foster a sense of community among those invested in cybersecurity.

Cybersecurity 59

Cybersecurity Cyber threats Education Passwords 59

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Gmail’s password recovery function says the backup email address for devrian27@gmail.com is bo3 *@gmail.com.

Ransomware 353

Ransomware Passwords Accountability Cybercrime 353