Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 335

Phishing Cryptocurrency Accountability Social Engineering 335

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

Accountability 363

Accountability Identity Theft Hacking Insurance 363

Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication. And when that PCM employee’s account got hacked, so too did many other PCM customers.

Authentication 266

Authentication Accountability Data breaches Software 266

Malwarebytes

FEBRUARY 25, 2025

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach. Check the vendors advice.

Data breaches 100

Data breaches Passwords Phishing Password Management 100

Malwarebytes

FEBRUARY 14, 2025

Over the years Zacks has suffered a few data breaches. In 2023, data allegedly belonging to Zacks containing 8,615,098 records was leaked online. The most recent data in this database is from May 2020. This would be the 2nd (hacked back in 2020) major data breach for Zacks. Check the vendors advice.

Accountability 85

Accountability Data breaches Passwords Phishing 85

Webroot

APRIL 22, 2025

If a company you do business with becomes part of a data breach, cybercriminals may have full access to your confidential information. Unfortunately, data breaches are on the rise and affecting more companies and consumers than ever. billion people received notices that their information was exposed in a data breach.

Data breaches 66

Data breaches Identity Theft Passwords eCommerce 66

Hacker's King

DECEMBER 28, 2024

Data breaches and account hacks are a growing concern for users, especially with the personal and professional information shared on the platform. If youre worried about your Instagram account being hacked , it's essential to take proactive steps to protect your data.

Data breaches 52

Data breaches Hacking Passwords Accountability 52

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Most immediately is the ubiquity of 2-factor authentication.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Krebs on Security

JULY 12, 2024

disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

Data breaches 345

Data breaches Passwords Authentication Accountability 345

Malwarebytes

JUNE 1, 2024

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week : Ticketmaster has suffered a data breach. The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, manage, and analyze large volumes of data. Enable two-factor authentication (2FA).

Data breaches 145

Data breaches Passwords Phishing Password Management 145

Malwarebytes

NOVEMBER 4, 2024

In a data breach notification filed by the Attorney General for the state of Maine, the cybersecurity incident that affected Columbus, Ohio impacted half a million people. Because of the data breach notification from Maine’s Attorney General, that number now has a little more clarity. Check the vendor’s advice.

Data breaches 116

Data breaches Passwords Ransomware Phishing 116

The Last Watchdog

JULY 24, 2023

In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts. They are simply not good enough.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Malwarebytes

MAY 10, 2024

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. So, this is another big data breach that leaves us with more questions than answers. Enable two-factor authentication (2FA). Change your password.

Data breaches 143

Data breaches Passwords Phishing Password Management 143

Security Affairs

MAY 13, 2024

Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. The company is notifying the impacted customers. ” continues the notice.

Data breaches 128

Data breaches Cyber Attacks Identity Theft Banking 128

Krebs on Security

SEPTEMBER 13, 2023

USDoD didn’t say why they decided to leak the data on the 22nd anniversary of the 9/11 attacks, but there was definitely an aircraft theme to the message that accompanied the leak, which concluded with the words, “Lockheed martin, Raytheon and the entire defense contractos [sic], I’m coming for you [expletive].”

Cybercrime 338

Cybercrime Passwords Authentication Malware 338

Malwarebytes

JULY 19, 2024

The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). Because both of these breaches were announced/updated in the second quarter of 2024 they have a huge impact on the numbers. Enable two-factor authentication (2FA).

Data breaches 128

Data breaches Passwords Identity Theft Phishing 128

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts.

Data breaches 139

Data breaches Social Engineering Engineering Authentication 139

Malwarebytes

OCTOBER 8, 2024

Money transfer company MoneyGram has notified its customers of a data breach in which it says certain customers had their personal information taken between September 20 and 22, 2024. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Data breaches 124

Data breaches Passwords Identity Theft Phishing 124

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out. The phone number associated with my late Facebook account (which I deleted in Jan.

Mobile 357

Mobile Accountability Passwords Authentication 357

Malwarebytes

JUNE 14, 2024

The online handle of the seller immediately raised the suspicion that this was yet another Snowflake related data breach. Post by Sp1d3r on breach forum The post also mentions Suntrust bank because Truist Bank arose after SunTrust Banks and BB&T (Branch Banking and Trust Company) merged in December 2019. Take your time.

Data breaches 117

Data breaches Banking Passwords Phishing 117

The Last Watchdog

SEPTEMBER 24, 2024

Rather, we should treat SSN as just another piece of personally identifiable information (PII) like an email address – confidential information but not a sensitive one that unlocks your bank accounts. In the case of NPD, the hackers targeted a data broker whose role is to aggregate information from many data sources.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Malwarebytes

MARCH 19, 2025

Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers’ personal information. The data breach notification states that the breach occurred on April 20, 2024 and CCB discovered it on October 4, 2024. Enable two-factor authentication (2FA).

Banking 95

Banking Data breaches Computers and Electronics Passwords 95

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The data may also include your address and phone number if you have provided that to us.”

Passwords 362

Passwords Authentication Firmware Accountability 362

Malwarebytes

MARCH 25, 2025

There are no changes to the way the company stores, manages, or protects customer data. In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. Enable two-factor authentication (2FA).

Passwords 117

Passwords Accountability Data breaches Phishing 117

The Last Watchdog

JUNE 9, 2021

Massive data base breaches today generally follow a distinctive pattern: hack into a client -facing application; manipulate an API; follow the data flow to gain access to an overly permissive database or S3 bucket (cloud storage). A classic example of this type of intrusion is the Capital One data breach.

Data breaches 203

Data breaches Software Hacking Mobile 203

Malwarebytes

AUGUST 27, 2024

The Texas Dow Employees Credit Union (TDECU) has filed a data breach notification , reporting that the data of 500,474 people has been accessed in an external system breach. Protecting yourself after a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

Data breaches 120

Data breaches Passwords Phishing Password Management 120

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported. million former account holders.”

Data breaches 144

Data breaches Telecommunications Cybercrime Hacking 144

Krebs on Security

NOVEMBER 29, 2023

20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. When KrebsOnSecurity broke the news on Oct. In a previous disclosure on Nov.

Authentication 294

Authentication Accountability Passwords Antivirus 294

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 336

Accountability Passwords Authentication Password Management 336

Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

Accountability 340

Accountability Passwords Authentication Insurance 340

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 333

Hacking Cybercrime Phishing Passwords 333

Malwarebytes

MARCH 5, 2024

In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered the breach. The account information of some card holders may have fallen into the wrong hands. The accessed information includes account numbers, names, and card expiration dates. Take your time.

Data breaches 132

Data breaches Accountability Passwords Identity Theft 132

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. ”continues the statement.

Data breaches 131

Data breaches Telecommunications Banking Mobile 131

SecureWorld News

JULY 12, 2024

RELATED: Snowflake Data Breach Rocks Ticketmaster, Live Nation, and Others ] "Companies using Snowflake should immediately implement multi-factor authentication (MFA) to enhance security and protect sensitive data. A password manager can generate strong and unique passwords for every account.

Data breaches 120

Data breaches Passwords Authentication Artificial Intelligence 120

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. MOVEit Transfer is a file transfer tool used by many organizations, including the Clearinghouse, to support the transfer of data files.” reads the advisory published by the company.

Data breaches 134

Data breaches Education Ransomware Software 134

SecureWorld News

APRIL 29, 2024

Kaiser Permanente, one of the largest not-for-profit providers of health care and coverage in the United States, is dealing with the fallout from a significant data breach that has affected more than 13 million individuals. The company revealed details of the incident in a public notification posted on April 25th.

Data breaches 112

Data breaches Healthcare Identity Theft Advertising 112

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. “On October 19 th , 2023, Brookfield Global Relocation Services (BGRS) informed the Government of Canada of a breach involving Government of Canada information held by BGRS and SIRVA Canada systems.”

Data breaches 136

Data breaches Government Hacking Backups 136