Hacking Grindr Accounts with Copy and Paste

Troy Hunt

The vulnerability allows an attacker to hijack any account. On the surface of it, things looked bad: complete account takeover with a very trivial attack. All I needed was for Scott to create an account and let me know the email address he used, which in this case was test@scotthelme.co.uk. Full account takeover.

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. The next day, half of those profiles no longer existed.

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. In the case of Zelle scams, the answer is yes. ” UNAUTHORIZED FRAUD.

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

Schneier on Security

This is interesting: Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.

Marriott Was Hacked -- Again

Schneier on Security

million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., linked airline loyalty programs and numbers).

Windows update may present users with a BitLocker recovery screen

Malwarebytes

If you are affected by this faulty update, you will be presented with a screen similar to this one when you boot the system. How to get the recovery key On another device, you can log in at [link] with your Microsoft account ID that you use on the currently affected system. Windows will also show a recovery ID to identify your key.

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Whoever compromised the shop siphoned data on millions of card accounts that were acquired over four years through various illicit means from legitimate, hacked businesses around the globe — but mostly from U.S. Although Visa cards made up more than half of accounts put up for sale (12.1 Source: NYU.