2013, Authentication and Password Management

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

“In fact, large aggregations of stolen credentials have been around since 2013-2014. By far the most important passwords are those protecting our email inbox(es). . “Today, it is even a more common occurrence to see mixing new and old breached credentials,” Holden said.

Passwords

Passwords Accountability Hacking Password Management

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. ”

Passwords

Passwords Encryption Password Management Cryptocurrency

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Use a password manager.

Passwords

Passwords Password Management Accountability Authentication

The 111 Million Record Pemiblanc Credential Stuffing List

Troy Hunt

JULY 9, 2018

One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Passwords

Passwords Password Management Data breaches Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. The more iterations, the longer it takes an offline attacker to crack your master password.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Microsoft says to ditch passwords all together on World Password Day

CyberSecurity Insiders

MAY 6, 2022

World Password Day is celebrated in May every year and is being done since 2013 as a group of Cybersecurity Professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives. And remember, passwords can be stolen, compromised and can be easily forgotten.

Passwords

Passwords Authentication Accountability Password Management

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Microsoft is already providing passwordless features to Azure Active Directory, and for Google, multi-factor authentication (MFA) has become mandatory. See the Top Password Managers.

Passwords

Passwords Password Management Authentication Technology

World Password Day: Brushing up on the basics

Malwarebytes

MAY 5, 2022

Elsewhere, leaks in which passwords may feature prominently can run the full range of “secure password” to “plaintext data and viewable by anyone” When passwords are exposed, it potentially provides inroads into multiple accounts owned by the victim. The problem with passwords. Go old school.

Passwords

Passwords Password Management Authentication Accountability

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

AUGUST 15, 2024

The scale of this breach, if confirmed, would rival or exceed other notorious data breaches in history, such as the 2013 Yahoo breach that affected an estimated 3 billion accounts. Use complex, unique passwords for all accounts and consider using a password manager. Stay alert for phishing attempts and other scams.

Data breaches

Data breaches Identity Theft Password Management Data collection

How to spot the signs of a virtual kidnap scam

Malwarebytes

MAY 15, 2022

In 2013, we had pretend hitmen threatening murder unless victims paid $25,000 to survive their non-existent wrath. 2 factor authentication and password managers are good places to start. Some take it a step further, leaning in with a more direct approach, ranging from death threats to sextortion, and even kidnap claims.

Scams

Scams Social Engineering Password Management Engineering

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Example of leaked email addresses: Besides the CSV files, the bucket also contained voice recordings of several sales pitches to digital marketers about RepWatch, which appears to be a long-defunct domain reputation management tool and may or – considering when the files were uploaded – may not be related to the CSV files stored in the bucket.

Social Engineering

Social Engineering Passwords Marketing Phishing

“Have I been pwnd?”– What is it and what to do when you are pwned

Malwarebytes

MAY 19, 2021

What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” The US Department of Energy (DoE). The New York Times.

Passwords

Passwords Data breaches Government Accountability

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management.

VPN

VPN Software Authentication Encryption

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Security Affairs

JULY 31, 2020

The motion picture acquisition agreements, tax ID requests, and contract addendum scans all date between 2013 and 2016. Storing anything on a publicly accessible server without any kind of authentication process in place is dangerous, which is a lesson many organizations still tend to learn the hard way.

Identity Theft

Identity Theft Accountability Advertising Marketing

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. Ring started in 2013, offering video doorbells that let you see and talk to visitors from your phone. While 2SV is a valuable security measure, it is less robust than multi-factor authentication (MFA).

Firmware

Firmware Encryption Passwords Authentication

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

I ended up moving this section after the miscellaneous one simply because of this: We've seen a 2016 copyright, a 2010 copyright and now a 2013 copyright published on a 2014 page! But getting onto the title of this section, the page in question is the E-Aadhaar authentication page (also geo-blocked).

Hacking

Hacking Government Encryption Risk

It’s a Holiday Security Breach Blowout

SiteLock

AUGUST 27, 2021

The next notification I received was for an earlier intrusion, the 2013 compromise of 2.4 Next, use robust authentication practices. Use strong, non-dictionary passwords for sites and services, use a password manager to store them, and never reuse passwords across sites.

Data breaches

Data breaches Passwords Identity Theft Firewall

Yahoo! Yippee? What to Do?

Adam Shostack

DECEMBER 15, 2016

Yesterday, Yahoo disclosed that attackers broke into Yahoo in 2013 and stole details on a billion accounts. Turn on two-factor authentication, whenever possible. Most banking sites and ones like Google, Apple, Twitter and Facebook offer two-factor authentication. The first mistake is to not recommend a password manager.

Password Management

Password Management Passwords Encryption Accountability

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

The FaceTime bug definitely proves that your phone can be used as a remote listening device "without any authentication" — Marcus J. Tabriz has led Google Chrome’s security since 2013, which extends to managing Product, Engineering, and UX today. Enable 2FA and get a password manager.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Cyber Security Informer

Ukraine Nabs Suspect in 773M Password ?Megabreach?

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password