Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 360

Passwords Accountability VPN Malware 360

Malwarebytes

MAY 8, 2025

For decades, passwords have been our default method for keeping online accounts safe. A team at Cybernews conducted a study of over 19 billion newly exposed passwords which showed were looking at a a widespread epidemic of weak password reuse. Does that make the password obsolete? But our opponents have.

Passwords 92

Passwords Artificial Intelligence Identity Theft Password Management 92

eSecurity Planet

MAY 14, 2025

Bitwarden and Dashlane are two popular password managers that offer business plans in addition to their products for individuals. 5 Bitwarden is a popular business password manager with features like user management, custom session length, and integrations with SIEM products. However, Dashlane is still a great choice for businesses.

Password Management 87

Password Management Passwords Data breaches Encryption 87

Krebs on Security

OCTOBER 18, 2024

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “ USDoD ,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. population. USDoD’s InfraGard sales thread on Breached.

Social Engineering 281

Social Engineering Passwords Cybercrime Mobile 281

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  So, he asked them: I seem to have found my email in your data breach.

Data breaches 329

Data breaches Passwords B2B Technology 329

Malwarebytes

MAY 8, 2025

Beside stealing usernames, passwords and circumventing two factor authentication, we identified malicious code capable of performing additional nefarious actions unbeknownst to the victim. Protect yourand your family’spersonal information by using identity protection. Indicators of Compromise Redirect deel[.]za[.]com datedeath[.]com

Phishing 103

Phishing Authentication Engineering Social Engineering 103

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing 287

Phishing Malware Scams Passwords 287

Krebs on Security

JANUARY 7, 2025

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. “Password is changed,” the man said.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. You can make a stolen password useless to thieves by changing it. Set up identity monitoring.

Passwords 144

Passwords Password Management Phishing Authentication 144

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. 1 – Storing 1 copy offsite (e.g.,

Small Business 162

Small Business Data breaches Backups Passwords 162

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Change your password. Better yet, let a password manager choose one for you.

Data breaches 126

Data breaches Healthcare Passwords Insurance 126

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. Hunt will add the information of the impacted users to HIBP very soon. Internet Archive hacked.

Data breaches 121

Data breaches Internet Internet DDOS 121

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 74

Education Passwords Accountability Encryption 74

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking 252

Hacking Cybercrime Advertising Data breaches 252

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. Infostealers have evolved beyond simple password grabbers. Use unique, complex passwords for every service.

Identity Theft 145

Identity Theft Passwords Accountability Phishing 145

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S. million mobile and fixed subscribers. .

Cyber Attacks 126

Cyber Attacks Telecommunications Data breaches Banking 126

Malwarebytes

JANUARY 6, 2025

This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. And since the backups that were made by a third party turned out to be incomplete, they were also unable to inform affected patients.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Malwarebytes

FEBRUARY 11, 2025

Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info. They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web.

Phishing 129

Phishing Passwords Mobile Authentication 129

Security Affairs

APRIL 22, 2025

. “There has been a sharp increase in the number of cases of unauthorized access and unauthorized trading (trading by third parties) on Internet trading services using stolen customer information (login IDs, passwords, etc.) Avoid password reuse, choose complex passwords, and check account activity often.

Financial Services 120

Financial Services Passwords Accountability Antivirus 120

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 362

Phishing Password Management Passwords Banking 362

Malwarebytes

NOVEMBER 4, 2024

The attack was later claimed by the Rhysida ransomware group on their leak site, where the group posts information about victims that are unwilling to pay. Later, a security researcher disclosed information about the content of the stolen data with the media. Change your password. Enable two-factor authentication (2FA).

Data breaches 115

Data breaches Passwords Ransomware Phishing 115

Malwarebytes

APRIL 24, 2025

In a data breach notice on its website, Blue Shield says it had begun notifying certain members of a potential data breach that may have included elements of their protected health information. This likely included protected health information. Change your password. Choose a strong password that you dont use for anything else.

Insurance 115

Insurance Data breaches Passwords Phishing 115

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult.

Ransomware 123

Ransomware Encryption Passwords Backups 123

Malwarebytes

MARCH 26, 2025

If you have any questions or need more information, please contact the guest directly or through our platform. Press Enter As we explained in more detail here , these instructions will infect their Windows system with an information stealer or Trojan. Find out what information is already out there. Press Ctrl + V.

Phishing 120

Phishing Malware Passwords Password Management 120

Jane Frankland

MAY 16, 2025

Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site. He explained: There are moments that should raise red flags but dont like when your password manager doesnt autofill. Avoid reusing passwords across different services. Always stop and check the URL.

Scams 130

Scams Password Management Passwords Banking 130

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. The company reset affected passwords.

Data breaches 114

Data breaches Passwords Accountability Hacking 114

Malwarebytes

OCTOBER 10, 2024

The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 129

Data breaches DDOS Internet Internet 129

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware 138

Malware Adware Education Phishing 138

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials.

Data breaches 128

Data breaches Financial Services Hacking Mobile 128

eSecurity Planet

MARCH 31, 2025

Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. These messages contain links that direct users to fake Netflix websites designed to steal login information and payment details.

Scams 108

Scams Artificial Intelligence Phishing Passwords 108

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 125

Identity Theft Passwords Malware Banking 125

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 119

Healthcare Data breaches Passwords Identity Theft 119

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. TerraLogger, by contrast, is a standalone keylogger.

Passwords 67

Passwords Malware Cryptocurrency Cybercrime 67

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. ” The phony booking.com website generated by visiting the link in the text message. .”

Phishing 278

Phishing Accountability Artificial Intelligence Cybercrime 278

Krebs on Security

JUNE 15, 2024

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Hacking 345

Hacking Phishing Cybercrime Passwords 345

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Security Affairs

NOVEMBER 21, 2024

The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government. This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information. ” reported the Associated Press.

Government 144

Government Hacking Ransomware Insurance 144