Accountability, Document and Passwords - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing

Phishing Malware Scams Passwords

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

MARCH 9, 2022

Which led me to a moment of clarity just yesterday as I was pondering revenge tactics and, in a flash of inspiration, came up with the idea of Password Purgatory: purgatory: a place or state of temporary suffering or misery You know how we all hate password complexity criteria? All they have to do first is create a password.

Passwords

Passwords DNS Accountability Risk

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile

Mobile Accountability Data breaches Identity Theft

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kennedy Airport, according to court documents unsealed Monday. Firsov was arrested Mar.

Accountability

Accountability Advertising Hacking Cybercrime

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability

Accountability Hacking Media Mobile

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

Accountability

Accountability Identity Theft Hacking Insurance

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. Here's what it's all about: There's Now 501,636,842 Pwned Passwords.

Passwords

Passwords Data breaches Mobile Risk

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

NOVEMBER 11, 2019

In late October, this author received a tip from Wisconsin-based security firm Hold Security that a file containing a staggering number of internal usernames and passwords for Orvis had been posted to Pastebin. Microsoft Active Directory accounts and passwords. 4, and the second Oct. 4, and the second Oct. Data backup services.

Retail

Retail Passwords Wireless Backups

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking

Hacking Accountability Passwords Cybersecurity

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The email address used for those accounts was f.grimpe@gmail.com. The Justice Department said the Nulled marketplace had more than five million members, and has been selling stolen login credentials, stolen identification documents and hacking services, as well as tools for carrying out cybercrime and fraud, since 2016.

eCommerce

eCommerce Cybercrime Accountability Passwords

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

JANUARY 6, 2022

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam.

Passwords

Passwords Accountability Identity Theft Password Management

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service. According to a Jan.

Mobile

Mobile Accountability Passwords Authentication

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking

Hacking Government Identity Theft Accountability

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability

Accountability Cryptocurrency Passwords DNS

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords

Passwords Accountability Engineering Cryptocurrency

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

Why Phone Numbers Stink As Identity Proof

Krebs on Security

MARCH 17, 2019

Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims. “But from that site’s side, when they see a password reset come in via that phone number, they have no way to know if that’s me.

Accountability

Accountability Passwords Mobile Banking

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. . Then on Aug.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

JANUARY 8, 2019

Account + password = free lifetime use. Log in with the original password and the official website will ask you to change your password! Be sure to remember the modified new password. Once you forget your password, you will lose Office365! Your account information: * USERMANE : (sent username).

Software

Software Passwords Accountability Web Fraud

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability

Accountability Mobile Banking Passwords

How to Protect Your Gmail Password: Top Tips for Maximum Security

Hacker's King

DECEMBER 28, 2024

Your Gmail account stores valuable information such as emails, contacts, and documents. A compromised password can lead to identity theft and data breaches. To safeguard your Gmail password, you need to adopt a few best practices that will enhance your accounts security and keep cyber threats at bay.

Passwords

Passwords Identity Theft Accountability Data breaches

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server).

Data breaches

Data breaches Ransomware Passwords Insurance

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Accountability Authentication

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

OCTOBER 1, 2021

From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file.

Wireless

Wireless Mobile Passwords Authentication

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Theyre checking live access to the email account with the one time code.

Banking

Banking Passwords Password Management Authentication

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly.

VPN

VPN Passwords Software Telecommunications

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

Lucky225 showed how anyone could do the same after creating an account at a service called Sakari , a company that helps celebrities and businesses do SMS marketing and mass messaging. From there, the attacker can reset the password of any account which uses that phone number for password reset links.

Telecommunications

Telecommunications Mobile Accountability Wireless

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Facebook and Instagram passwords were stored in plaintext, Meta fined

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords

Passwords Data breaches Media Phishing

IRS Will Soon Require Selfies for Online Access

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). After entering an email address and picking a password, you are prompted to confirm your email address by clicking a link sent to that address. If your documents get accepted, ID.me

Mobile

Mobile Accountability Insurance Government

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. . 2019 that wasn’t discovered until April 2020.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. So once again I sought to re-register as myself at Experian.

Accountability

Accountability Authentication Passwords Identity Theft

Begging for Bounties and More Info Stealer Logs

Troy Hunt

JULY 31, 2024

The sender then attached a text file with 197 lines of email addresses and passwords belonging to users of Scott's pride and joy. The email went on: The impact of this vulnerability is severe, potentially resulting in: Mass account takeovers by malicious actors. Financial and reputational damage due to security breaches.

Scams

Scams Passwords Malware Accountability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

That same email address also is tied to two forum accounts for a user with the handle “ O.R.Z.” user account — this one on Verified[.]ru Prior to that, akafitis@gmail.com was used as the email address for the account “ Fitis ,” which was active on Exploit between September 2006 and May 2007.

Malware

Malware Cybercrime Software Accountability

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.

Password Management

Password Management Passwords Banking Accountability

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Malware

Malware Identity Theft Cybercrime Accountability

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches

Data breaches Passwords Password Management Accountability

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Firewall

Firewall Passwords VPN Authentication

IT administrators' passwords are awful too

Malwarebytes

OCTOBER 19, 2023

The administrator password is "admin". Research has revealed that IT administrators are just as likely to do the tech equivalent of putting the key under the mat as end users, with both groups using similarly predictable passwords. For that reason, using default passwords is considered a serious security risk.

Passwords

Passwords Authentication Password Management Engineering

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Flashpoint said MrMurza appears to be extensively involved in botnet activity and “drops” — fraudulent bank accounts created using stolen identity data that are often used in money laundering and cash-out schemes. was used for an account “Hackerok” at the accounting service klerk.ru

Malware

Malware Passwords Accountability Advertising

The March Madness Cyber Threat

Adam Levin

MARCH 17, 2022

Sensitive information including passwords and financial information can be exfiltrated and ransomware can be deployed to block access to critical data. A single compromised account is usually the point of entry for hacking campaigns. Change passwords regularly. Keep employee email accounts up to date.

Cyber threats

Cyber threats Phishing Passwords Malware

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. Incredibly, the day after our initial interview via Telegram, Shefel proposed going into business together.

Retail

Retail Advertising Cryptocurrency Marketing

SMS Phishing + Cardless ATM = Profit

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. The text messages contained a link to unlock their accounts and led customers to a Web site that mimicked the legitimate Fifth Third site. Image: Mastercard.us.

Phishing

Phishing Banking Scams Accountability

FBI warns of malicious free online document converters spreading malware

ClickFix: How to Infect Your PC in Three Easy Steps

Trending Sources

Building Password Purgatory with Cloudflare Pages and Workers

New T-Mobile Breach Affects 37 Million Accounts

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Microsoft Executives Hacked

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Hackers take over 1.1 million accounts by trying reused passwords

Are You One of the 533M People Who Got Facebooked?

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Malicious Office 365 Apps Are the Ultimate Insiders

Why Phone Numbers Stink As Identity Proof

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Dirt-Cheap, Legit, Windows Software: Pick Two

Why & Where You Should You Plant Your Flag

How to Protect Your Gmail Password: Top Tips for Maximum Security

Dental group lied through teeth about data breach, fined $350,000

Recycle Your Phone, Sure, But Maybe Not Your Number

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Threat Modeling and Logins

Hackers Were Inside Citrix for Five Months

Can We Stop Pretending SMS Is Secure Now?

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Facebook and Instagram passwords were stored in plaintext, Meta fined

IRS Will Soon Require Selfies for Online Access

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

It’s Still Easy for Anyone to Become You at Experian

Begging for Bounties and More Info Stealer Logs

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

The 773 Million Record "Collection #1" Data Breach

Cisco warns of password-spraying attacks targeting Secure Firewall devices

IT administrators' passwords are awful too

Giving a Face to the Malware Proxy Service ‘Faceless’

The March Madness Cyber Threat

An Interview With the Target & Home Depot Hacker

SMS Phishing + Cardless ATM = Profit

Stay Connected