2014 and Passwords - Cyber Security Informer

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

On the Security of Password Managers

Schneier on Security

FEBRUARY 25, 2019

There's new research on the security of password managers, speficially 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of password lying around memory?

Password Management

Password Management Passwords Software

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

eSecurity Planet

MARCH 24, 2025

The compromised database contains approximately 6 million lines of data, including critical assets such as JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys. 27, 2014, allowed an unauthenticated attacker network access via HTTP. (region-name).oraclecloud.com), Rotating tenant-level credentials.

Risk

Risk Passwords Hacking Encryption

FBI recommends using passphrases instead of complex passwords

Security Affairs

FEBRUARY 24, 2020

The FBI recommends using longer passwords composed of multiple words into a long string of at least 15 characters instead of short passwords including special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that the password length is much more important than password complexity.

Passwords

Passwords Advertising Technology Hacking

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Golubov was arrested in Ukraine in 2005 as part of a joint investigation with multiple U.S. Vrublevsky Sr.

Retail

Retail Advertising Cryptocurrency Marketing

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Change your email account password. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. At the end of March, Linksys issued a security alert warning users of the ongoing attacks and urging them to reset the passwords. “In Pierluigi Paganini. SecurityAffairs – Linksys, hacking).

Passwords

Passwords DNS Malware Advertising

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

How BeerAdvocate Learned They'd Been Pwned

Troy Hunt

JULY 21, 2020

The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned as they'd seen evidence of an email address and password they'd used on the service being abused. Someone had registered a new Netflix account with my email / password associated with my BeerAdvocate account. Not even a password manager.

Passwords

Passwords Accountability Password Management Backups

Zoom client for Windows could allow hackers to steal users’Windows password

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. The attack leverages the SMBRelay technique that provides username and NTLM password hashes to a remote SMB server when connecting to it. Baset (@SymbianSyMoh) April 1, 2020.

Passwords

Passwords Advertising Hacking Software

Marriott Was Hacked -- Again

Schneier on Security

APRIL 2, 2020

account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 linked airline loyalty programs and numbers).

Hacking

Hacking Accountability Data breaches Government

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Spyware VPN Malware

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability

Accountability Advertising Marketing Malware

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

OCTOBER 2, 2020

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. Another demonstration of how valuable Grindr data is came last year when the US gov deemed that Chinese ownership of the service constituted a national security risk.

Accountability

Accountability Hacking Passwords InfoSec

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

For example, one of the most active accounts targeted in this week’s social network crackdown is the Instagram profile “ Trusted ,” self-described as “top-tier professional middleman/escrow since 2014.” Those databases show Beam was just the 12th user account created on OGUsers back in 2014.

Accountability

Accountability Hacking Media Mobile

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Faceless grew out of a popular anonymity service called iSocks , which was launched in 2014 and advertised on multiple Russian crime forums as a proxy service that customers could use to route their malicious Web traffic through compromised computers. The password chosen by this user was “ 1232.” account at Klerk.ru).

Malware

Malware Passwords Accountability Advertising

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

.” Constella Intelligence , a company that tracks exposed databases, finds that 774748@gmail.com was used in connection with just a handful of passwords, but most frequently the password “ featar24 “ Pivoting off of that password reveals a handful of email addresses, including akafitis@gmail.com. ru in 2008.

Malware

Malware Cybercrime Software Accountability

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

The leaked data includes login names, hashed passwords, and email addresses. It is not confirmed that all of the leaked data is legitimate, anyway, experts suggest users change their password immediately. Users that share the password at another site should also change the password. Pierluigi Paganini.

Hacking

Hacking Data breaches Cybercrime Passwords

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet. I have the wallet, @Google hook me up with a quantum computer please.

Cryptocurrency

Cryptocurrency Passwords Advertising Hacking

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

MAY 3, 2020

The hacker has shared 15 million user records calling for action in cracking the passwords that are hashed using the SHA2-384 hashing algorithm. The seller pointed out that the database didn’t contain the salt strings used by the hashing function, this means that cracking the passwords would be a more difficult.

Accountability

Accountability Hacking Passwords Data breaches

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password. In response to the incident, the SFO Airport reset all email and network passwords. The airport also forced a reset of all SFO related email and network passwords on Monday, March 23, 2020.”

Data breaches

Data breaches Hacking Telecommunications Advertising

Shiny Hunters group is selling data from 11 companies on the Dark Web

Security Affairs

MAY 10, 2020

Users of the above companies urge to change their passwords as soon as possible. If users share the same passwords on other sites, they must change their passwords too. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Hacking Advertising Passwords

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. Members of the E27 are recommended to change their password as soon as possible.

Media

Media Hacking Passwords Data breaches

A data breach broker is selling account databases of 17 companies

Security Affairs

NOVEMBER 1, 2020

Users of the above companies have to immediately change their passwords, and if they use the same passwords at other sites, they should also change the password at those sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. .” states BleepingComputer. Pierluigi Paganini.

Data breaches

Data breaches Accountability Advertising Passwords

Marriott discloses data breach impacting up to 5.2 Million guests

Security Affairs

MARCH 31, 2020

account number and points balance, but not passwords) Additional Personal Details (e.g., The company also disabled and forced the reset of the passwords of Marriott Bonvoy members impacted in the incident, it also prompted to enable multi-factor authentication. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Passwords Advertising Accountability

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

In a typical PPI network, clients will submit their malware—a spambot or password-stealing Trojan, for example —to the service, which in turn charges per thousand successful installations, with the price depending on the requested geographic location of the desired victims. AWM Proxy’s online storefront disappeared that same day.

Passwords

Passwords Malware Internet Internet

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. One threat actor responded to the post stating that he has already cracked, or decrypted, nearly a million password hashes.”

Accountability

Accountability Hacking Data breaches Passwords

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

Attempts to log in to my account directly at Experian.com also failed; the site said it didn’t recognize my username and/or password. ” Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. ’ and granting full access,” @PeteMayo wrote.

Accountability

Accountability Authentication Passwords Identity Theft

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Passwords Accountability Advertising

Open Exchange Rates discloses a security breach

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches

Data breaches Passwords Advertising Accountability

The team behind the Joomla CMS discloses a data breach

Security Affairs

JUNE 1, 2020

Data contained in the backup includes : Full name Business address Business email address Business phone number Company URL Nature of business Encrypted password (hashed) IP address Newsletter subscription preferences. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the notification.

Data breaches

Data breaches Backups Passwords Advertising

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

APRIL 19, 2020

A hacker has leaked the usernames and passwords of nearly 23 million players of Webkinz World on a well-known hacking forum. . 22,000,000 users affected and while the database only contains username and hashed passwords, I believe it is just part of the full database that was probably taken as well. Pierluigi Paganini.

Hacking

Hacking Passwords Data breaches Advertising

500,000+ Zoom accounts available for sale on the Dark Web

Security Affairs

APRIL 13, 2020

The data were first discovered by experts at cybersecurity intelligence firm Cyble, lists of email addresses and associated passwords were published on text sharing sites. These accounts are shared via text sharing sites where the threat actors are posting lists of email addresses and password combinations. Pierluigi Paganini.

Accountability

Accountability Passwords Advertising Phishing

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

. “Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet” Attackers attempt to brute-force the username and password used to protect RDP access to systems exposed online, they can use combinations of random characters or leverage dictionary of most popular passwords.

Passwords

Passwords Advertising Authentication VPN

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past. Emotet joined the password-protected attachment bandwagon with a campaign starting Friday. ” states the Italian CSIRT’s alert. .

Malware

Malware Passwords Advertising Ransomware

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

The experts discovered 12,706 applications (8.47%) containing some sort of backdoors (secret access keys, master passwords, and secret commands providing access to admin-only functions), and 4,028 apps (2.69%) that include blacklist secrets, which would block content based on specific keywords subject to censorship, cyber bullying or discrimination.

Mobile

Mobile Passwords Advertising Firmware

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.” Aerial Direct confirmed that no passwords or financial information accessed by hackers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Passwords Advertising

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Security Affairs

JANUARY 25, 2020

Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mobile

Mobile Passwords Advertising Authentication

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Change your Activision account passwords and add 2FA immediately. Activision accounts are apparently being leaked so change your password, although that might not even help because they're apparently generating 1,000 accounts every 10 minutes. Players are recommended to change their account passwords as soon as possible.

Hacking

Hacking Data breaches Accountability Passwords

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the post published by Cyble. Pierluigi Paganini.

Banking

Banking Data breaches Advertising Mobile

SQL Dump from popular Indian BGR tech site leaked online

Security Affairs

FEBRUARY 27, 2020

The data leak was first reported by experts from the security firm Under the Breach , the full SQL backup contains , emails, hashed passwords, and other information. – Usernames, E-mails, Passwords and more. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Hacked due to exposed s3 AWS bucket.

Backups

Backups Advertising Passwords Hacking

267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

APRIL 20, 2020

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords.

Data breaches

Data breaches Passwords Advertising Phishing

Ukraine Nabs Suspect in 773M Password ?Megabreach?

On the Security of Password Managers

Trending Sources

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

FBI recommends using passphrases instead of complex passwords

An Interview With the Target & Home Depot Hacker

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Linksys force password reset to prevent Router hijacking

TeamViewer flaw can allow hackers to steal System password

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

How BeerAdvocate Learned They'd Been Pwned

Zoom client for Windows could allow hackers to steal users’Windows password

Marriott Was Hacked -- Again

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Who’s Behind the Botnet-Based Service BHProxies?

Hacking Grindr Accounts with Copy and Paste

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Giving a Face to the Malware Proxy Service ‘Faceless’

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Experian, You Have Some Explaining to Do

Threat actor leaked data for U.S. gun exchange site on hacking forum

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

SFO discloses data breach following the hack of 2 of its websites

Shiny Hunters group is selling data from 11 companies on the Dark Web

Asian media firm E27 hacked, attackers asked for a “donation”

A data breach broker is selling account databases of 17 companies

Marriott discloses data breach impacting up to 5.2 Million guests

The Link Between AWM Proxy & the Glupteba Botnet

4 Million Quidd account details shared on hacking forums

It’s Still Easy for Anyone to Become You at Experian

Hackers exploit SQL injection zero-day issue in Sophos firewall

Open Exchange Rates discloses a security breach

The team behind the Joomla CMS discloses a data breach

Popular Webkinz World online children’s game hacked, 23M credentials leaked

500,000+ Zoom accounts available for sale on the Dark Web

RDP brute-force attacks rocketed since beginning of COVID-19

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Experts uncovered hidden behavior in thousands of Android Apps

Aerial Direct, the O2’s largest UK partner suffered a data breach

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Alleged Activision hack, 500,000 Call Of Duty players impacted

UberEats data leaked on the dark web

SQL Dump from popular Indian BGR tech site leaked online

267 Million Facebook identities available for 500 euros on the dark web

Stay Connected