Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. In an email sent to customers today, Ubiquiti Inc. Enable 2FA.

Passwords 362

Passwords Authentication Firmware Accountability 362

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 361

Passwords Accountability VPN Malware 361

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. And all of them operate via Telegram , a cloud-based instant messaging system.

Passwords 342

Passwords Mobile Authentication Banking 342

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising 131

Advertising Accountability Phishing Scams 131

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 336

Mobile Accountability Data breaches Identity Theft 336

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing 263

Phishing Accountability Artificial Intelligence Cybercrime 263

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. billion yen Typically, attackers hijack victim accounts, sell held stocks, and use the proceeds to buy assets like Chinese stocks, which remain in the account post-attack.

Financial Services 119

Financial Services Passwords Accountability Antivirus 119

Security Affairs

MAY 2, 2025

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks.

Accountability 60

Accountability Passwords Social Engineering Authentication 60

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  So, he asked them: I seem to have found my email in your data breach.

Data breaches 334

Data breaches Passwords B2B Technology 334

Krebs on Security

NOVEMBER 21, 2024

The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. Click to enlarge.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Don’t reuse passwords. Use a password manager.

Accountability 91

Accountability Spyware Passwords Password Management 91

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing 271

Phishing Malware Scams Passwords 271

Malwarebytes

FEBRUARY 14, 2025

The data contains names, email addresses, usernames, passwords, phone numbers, addresses, company names, and additional personal information. Now, a cybercriminal using the monicker Jurak, leaked sensitive information related to roughly 12 million accounts, which allegedly stems from a breach that happened last year.

Accountability 83

Accountability Data breaches Passwords Phishing 83

Malwarebytes

OCTOBER 22, 2024

Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts back. Is a comparison always possible?

Accountability 119

Accountability Scams Media Artificial Intelligence 119

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 72

Education Passwords Accountability Encryption 72

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. This is not a good sign.

Authentication 363

Authentication Passwords Accountability Media 363

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking 234

Hacking Cybercrime Advertising Data breaches 234

Malwarebytes

FEBRUARY 11, 2025

Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info. They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web.

Phishing 127

Phishing Passwords Mobile Authentication 127

Malwarebytes

APRIL 16, 2025

Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately. Don’t reuse passwords. Bad bots do all kinds of unpleasant things. Protect your PC.

Internet 142

Internet Internet Passwords Artificial Intelligence 142

Krebs on Security

APRIL 12, 2021

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Mobile 361

Mobile Passwords Accountability Cybercrime 361

Krebs on Security

APRIL 6, 2021

Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. billion active monthly users. According to a Jan. Image: @UnderTheBreach.

Mobile 356

Mobile Accountability Passwords Authentication 356

Security Boulevard

NOVEMBER 10, 2024

Your internet account passwords are probably among the most guarded pieces of information you retain in your brain. With everything that has recently migrated to the digital realm, a secure password functions as the deadbolt to your private data.

Passwords 64

Passwords Accountability Internet Internet 64

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S. million mobile and fixed subscribers. .

Cyber Attacks 124

Cyber Attacks Telecommunications Data breaches Banking 124

eSecurity Planet

MARCH 31, 2025

Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. One of the most common methods is smishing, which involves sending fraudulent text messages claiming your Netflix account has been locked due to suspicious activity.

Scams 108

Scams Artificial Intelligence Phishing Passwords 108

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. Losing data related to a financial account can have severe consequences.

Passwords 144

Passwords Password Management Phishing Authentication 144

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. But Warren did get the requested information from PNC, Truist and U.S.

Banking 285

Banking Accountability Scams Passwords 285

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). million customers. He is currently in custody in a Turkish prison.

Hacking 241

Hacking Government Identity Theft Accountability 241

Security Affairs

APRIL 19, 2025

Threat actors were spotted exploiting the default super admin account (admin@LocalDomain), which often still uses the weak default password password. Even fully patched devices can be compromised if password hygiene is poor. Arctic Wolf is monitoring the situation and urges organizations to secure all local accounts.

Passwords 105

Passwords VPN Firewall Accountability 105

Krebs on Security

FEBRUARY 4, 2025

The email address used for those accounts was f.grimpe@gmail.com. — is registered at an address in Gan-Ner, Israel, but there is no ownership information about this entity. Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel. lol and nulled[.]it.

eCommerce 204

eCommerce Cybercrime Accountability Passwords 204

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 60

Passwords Password Management Malware Accountability 60

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Change your password. Better yet, let a password manager choose one for you.

Data breaches 124

Data breaches Healthcare Passwords Insurance 124

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 334

Hacking Accountability Passwords Cybersecurity 334

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. The company reset affected passwords.

Data breaches 113

Data breaches Passwords Accountability Hacking 113

Malwarebytes

APRIL 24, 2025

In a data breach notice on its website, Blue Shield says it had begun notifying certain members of a potential data breach that may have included elements of their protected health information. This likely included protected health information. Change your password. Choose a strong password that you dont use for anything else.

Insurance 113

Insurance Data breaches Passwords Phishing 113

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking 344

Hacking Cybercrime Passwords Authentication 344

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 124

Identity Theft Passwords Malware Banking 124