2012, Data breaches and Passwords - Cyber Security Informer

The password hall of shame (and 10 tips for better password security)

CSO Magazine

APRIL 15, 2021

Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.”

Passwords

Passwords Data breaches

Top 10 Data Breaches of All Time

SecureWorld News

MARCH 24, 2022

Now, headlines about ransomware, cyberattacks, and data breaches pour into social media feeds as steady as a river flows. SecureWorld News takes a look at some of the largest data breaches to ever occur. Top 10 most significant data breaches. Yahoo data breach (2013). Who attacked: no attacker.

Data breaches

Data breaches Passwords Accountability Government

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities. Image: U.S.

Retail

Retail Advertising Cryptocurrency Marketing

Top 10 Data Breaches of All Time

SecureWorld News

DECEMBER 29, 2020

Now headlines about ransomware, cyberattacks and data breaches pour into social media feeds at a steady drumbeat. SecureWorld now takes a look at some of the largest data breaches to ever occur. Top 10 most significant data breaches. Yahoo data breach (2013). Equifax data breach (2017).

Data breaches

Data breaches Passwords Accountability Government

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

Malwarebytes

DECEMBER 21, 2021

This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. HIBP) allows users to type in an email address, phone number or password and find out how many times they’ve been involved in a data breach. Have I Been Pwned?’.

Passwords

Passwords Password Management Authentication Data breaches

News aggregator Flipboard disclosed a data breach

Security Affairs

MAY 29, 2019

Stolen records include names, usernames , password hashes, email addresses, and for some users digital tokens used to access Flipboard through third-party services. At the time it is not clear the extent of the breach, anyway, the company forced a password reset for all its users. SecurityAffairs – hacking , data breach).

Data breaches

Data breaches Accountability Passwords Advertising

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million phone numbers that are part of Dubsmash data breach that occurred in 2018. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1

Data breaches

Data breaches Advertising Passwords Hacking

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. All of these domains date back to between 2012 and 2013. com , and portalsagepay[.]com.

Ransomware

Ransomware Passwords Accountability Cybercrime

How to lose your password

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. This time passwords were lightly protected by the 1970s-era DES algorithm. Taking a password dump from a server isn’t, of course, the only route to compromise.

Passwords

Passwords Internet Internet Data breaches

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

JUNE 10, 2019

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter.

Data breaches

Data breaches Passwords InfoSec Accountability

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails.

Hacking

Hacking Cybercrime Data breaches Advertising

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-12-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., 2333youxi[.]com blazefire[.]com blazefire[.]net

Mobile

Mobile Technology Manufacturing Malware

Implementing Password Security

SiteLock

AUGUST 27, 2021

Seems like every few months another blogger or security maven laments the passing of the password, a security tool that has outlived its usefulness and should now be replaced with something more of the times, more effective, more secure. And while the password might be on life-support, it’s not quite gone. That’s right.

Passwords

Passwords Data breaches Banking Accountability

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Troy Hunt

JULY 18, 2022

I think it was around the end of 2012, and they were terrible! I wanted to build a data breach search service. Ok, obvious answer, but I'd just found both my personal and Pfizer email addresses in the Adobe data breach which was somewhere I never expected to see them. Password Purgatory ?

Data breaches

Data breaches Passwords Password Management Software

Why (almost) everything we told you about passwords was wrong

Malwarebytes

OCTOBER 3, 2022

I have an embarrassing confession to make: I reuse passwords. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It seems obvious and important therefore to tell users not to reuse passwords.

Passwords

Passwords Password Management Accountability Internet

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. Most of the data come from previously known source s, it could expose affected people to scams and phishing campaigns.

Data breaches

Data breaches Advertising DNS Engineering

GovPayNow.com Leaks 14M+ Records

Krebs on Security

SEPTEMBER 17, 2018

14, KrebsOnSecurity alerted GovPayNet that its site was exposing at least 14 million customer receipts dating back to 2012. Until this past weekend it was possible to view millions of customer records simply by altering digits in the Web address displayed by each receipt. On Friday, Sept.

Mobile

Mobile Government Identity Theft Telecommunications

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

It’s been a busy time for data breaches in the social media world with Myspace, LinkedIn and Twitter all experiencing them. In each of these cases, the cybercriminals behind the breaches were after usernames and passwords. The most commonly used passwords today are, “password” and “123456,” and it only takes a hacker.29

Data breaches

Data breaches Media Passwords Accountability

Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset

Troy Hunt

NOVEMBER 6, 2023

I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a set of data coming from an alleged source), but you don't have a vested interested in whether the claim is true or not, rather you follow the evidence and see where it leads.

Data breaches

Data breaches Accountability Passwords

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-12-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., 2333youxi[.]com blazefire[.]com blazefire[.]net

Mobile

Mobile Technology Manufacturing Software

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

MARCH 4, 2019

Earlier this week, a cybercriminal on a Dark Web forum posted an auction notice for access to a Web-based administrative panel for an unidentified “US Search center” that he claimed holds some four million customer records, including names, email addresses, passwords and phone numbers. Nor has Mr. Willms.

Marketing

Marketing Passwords Hacking Advertising

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to the security firm Keepnet Labs that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches

Data breaches Advertising DNS Engineering

WikiLeaks founder Julian Assange faces superseding indictment for conspiring with LulzSec hackers

Security Affairs

JUNE 25, 2020

In 2012, Assange communicated directly with a leader of the hacking group LulzSec (who by then was cooperating with the FBI), and provided a list of targets for LulzSec to hack. “In 2010, Assange gained unauthorized access to a government computer system of a NATO country. ” states DoJ. Department of Defense computer.”

Hacking

Hacking Advertising Passwords Government

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

Collectively in control over millions of spam-spewing zombies, those botmasters also continuously harvested passwords and other data from infected machines. KrebsOnSecurity began researching Icamis’s real-life identity in 2012, but failed to revisit any of that research until recently.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. com from Archive.org in 2012 redirects to the domain qksnap.com , which DomainTools.com says was registered to a Jordan Bloom from Thornhill, ON that same year. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Security Affairs

FEBRUARY 11, 2019

The advertising for the sale of the huge trove of data was published in the popular Dream Market black marketplace, data are available for less than $20,000 worth of Bitcoin. Spokespersons for MyHeritage and 500px confirmed the authenticity of the data. “I need the money. I need the leaks to be disclosed.”

Accountability

Accountability Hacking Advertising Data breaches

Second colossal LinkedIn “breach” in 3 months, almost all users affected

Malwarebytes

JUNE 30, 2021

In a statement, Privacy Shark garnered from Leonna Spilman, who spoke on behalf of LinkedIn, the company claims there is really no breach: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources.

Data breaches

Data breaches Accountability VPN Scams

Ransomware news headlines trending on Google

CyberSecurity Insiders

AUGUST 24, 2022

And studies have revealed that the newly developed file-encrypting malware is using an Open-source password management library for encryption and is having capabilities of remaining anonymous, ex-filtrate data, and having abilities to give control to remote servers. The third is something astonishing to read!

Ransomware

Ransomware Digital transformation Encryption Social Engineering

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

The last bit is particularly important as I logon and would firstly, like my password not to be eavesdropped on and secondly, would also like to keep my financial information on the website secure. " It means "this is private." " You may be having a private conversation with Satan.

VPN

VPN Phishing DNS Encryption

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

In 2012, as a senior soon to graduate with a physics degree, he worked on a project with faculty member Robert W. While at CWRU, he was accused of “cracking passwords” on a CWRU network. In college at CWRU, he participated in a philosophy club, where he was “interested in the philosophy behind mathematics.”

Malware

Malware Passwords Identity Theft Data collection

Cybercrime Year in Review: 2013

SiteLock

AUGUST 27, 2021

In its annual Data Breach Investigations Report , published at the beginning of 2013, Verizon revealed that businesses with fewer than 100 employees made up the single largest group of victims of data breaches. bank accounts in 2012 by cybercrooks using malware like keyloggers.

Cybercrime

Cybercrime Small Business Antivirus Malware

How to Prevent Data Leaks

Spinone

NOVEMBER 30, 2018

There have been some very high profile data breaches in the last couple of years, all of which have cost thousands of dollars of damage and a severe blow to the reputation of the company involved: In late 2014, hackers stole the account information of over 500 million Yahoo email accounts.

Data breaches

Data breaches Passwords Backups Accountability

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Hundreds of millions of user passwords left exposed to Facebook employees: News recently broke that Facebook left the passwords of between 200 million and 600 million users unencrypted and available to the company’s 20,000 employees going back as far as 2012.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

Analyzing JtR’s Tokenizer Attack (Round 1)

Security Boulevard

NOVEMBER 17, 2024

Test 1: Analyze how sensitive Tokenizer is to the size of the training data Question: How sensitive is the Tokenizer attack to being trained on 1mil, or 30+ mil passwords? This could be a community or language specific target, or a dataset targeting a specific password creation policy.

Passwords

Passwords Data breaches

Q&A: Cloud Providers and Leaky Servers

Thales Cloud Protection & Licensing

DECEMBER 21, 2017

My sense is that data leaks appear to be growing exponentially due to the increasing rate of data being stored in the cloud. However, other providers have had very concerning issues as well, and all are at risk of human error leading to data leaks and breaches. Hope isn’t considered a best security practice.

Encryption

Encryption Architecture Data breaches Passwords

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

Don Duncan, security engineer at NuData Security, told eSecurity Planet by email that POS systems are often dangerously easy to penetrate with malware , including the following (among many others): Dexter was discovered by Seculert (now Radware) researchers in 2012. vSkimmer malware, a successor to Dexter, dates back to 2013.

Retail

Retail Encryption Malware Artificial Intelligence

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Ethyca can automate compliance tasks, including real-time data mapping, automated subject requests, consent management, and subject erasure handling. GitGuardian is a developer favorite offering a secrets detection solution that scans source code to detect certificates, passwords, API keys, encryption keys, and more. GitGuardian.

Cybersecurity

Cybersecurity Threat Detection Artificial Intelligence Risk

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

DECEMBER 20, 2017

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. Let's move on and talk about why this makes a lot of sense when it comes to fixing data breaches.

Data breaches

Data breaches Marketing Penetration Testing Government

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It is a vulnerability in SSL/TLS, protocols that are designed to protect data in transit. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It is a vulnerability in SSL/TLS, protocols that are designed to protect data in transit. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It is a vulnerability in SSL/TLS, protocols that are designed to protect data in transit. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

The password hall of shame (and 10 tips for better password security)

Top 10 Data Breaches of All Time

Trending Sources

An Interview With the Target & Home Depot Hacker

Top 10 Data Breaches of All Time

Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

News aggregator Flipboard disclosed a data breach

Threat actors are offering for sale 550 million stolen user records

Who Is the Network Access Broker ‘Babam’?

How to lose your password

Project Svalbard: The Future of Have I Been Pwned

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Tracing the Supply Chain Attack on Android

Implementing Password Security

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Why (almost) everything we told you about passwords was wrong

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

GovPayNow.com Leaks 14M+ Records

Cybercriminals are Oversharing with Social Media Data Breaches

Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset

Tracing the Supply Chain Attack on Android

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Hackers Sell Access to Bait-and-Switch Empire

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

WikiLeaks founder Julian Assange faces superseding indictment for conspiring with LulzSec hackers

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Second colossal LinkedIn “breach” in 3 months, almost all users affected

Ransomware news headlines trending on Google

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Alleged FruitFly malware creator ruled incompetent to stand trial

Cybercrime Year in Review: 2013

How to Prevent Data Leaks

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Analyzing JtR’s Tokenizer Attack (Round 1)

Q&A: Cloud Providers and Leaky Servers

Point-of-Sale (POS) Security Measures for 2021

Top Cybersecurity Startups to Watch in 2022

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Fixing Data Breaches Part 4: Bug Bounties

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

Stay Connected