Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack? But doesn't this all make biometrics like passwords?

Authentication 343

Authentication Passwords Data breaches Risk 343

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. APP-BASED AUTHENTICATION. “We point this out to encourage everyone here to move to token-based 2FA.”

Authentication 223

Authentication Mobile Passwords Accountability 223

The Last Watchdog

JUNE 9, 2021

Massive data base breaches today generally follow a distinctive pattern: hack into a client -facing application; manipulate an API; follow the data flow to gain access to an overly permissive database or S3 bucket (cloud storage). A classic example of this type of intrusion is the Capital One data breach.

Data breaches 203

Data breaches Software Hacking Mobile 203

Security Affairs

NOVEMBER 2, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. ” reads the data breach notification sent to the impacted individuals and shared with the Office of the Maine Attorney General.

Data breaches 140

Data breaches Hacking Social Engineering Healthcare 140

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk. Often inadvertent data breaches stem from a well-meaning employee trying to meet the needs of clients but without the technical systems to facilitate.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Krebs on Security

DECEMBER 13, 2022

While the FBI’s InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. Prior to its infiltration by the FBI, RaidForums sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Security Affairs

NOVEMBER 3, 2021

Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. SecurityAffairs – hacking, data breach). The post The U.K.

Data breaches 143

Data breaches Ransomware Authentication Hacking 143

Krebs on Security

AUGUST 6, 2020

. “We identified a handful of legitimate businesses who are customers that may have experienced a breach,” Dubner said. Dubner said all customers are required to use multi-factor authentication, and that everyone applying for access to its services undergoes a rigorous vetting process.

Accountability 362

Accountability Identity Theft Hacking Insurance 362

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. ” reads the data breach notification send to the impacted individuals. date and time of the message, type of message, etc.).”

Data breaches 140

Data breaches Social Engineering Engineering Authentication 140

Security Affairs

JUNE 19, 2024

. “We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.” ” Earlier this week IntelBroker announced on the BreachForums cybercrime forum that they were “selling the AMD.com data breach.”

Data breaches 137

Data breaches Firmware Cybercrime Media 137

Security Affairs

NOVEMBER 16, 2023

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. ” reads the data breach notification sent to the customers.

Data breaches 139

Data breaches eCommerce Hacking Passwords 139

Security Affairs

SEPTEMBER 3, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. Threat actors had access to internal company data, including the source code of Galaxy models.

Data breaches 145

Data breaches Hacking Authentication Cybersecurity 145

Security Affairs

OCTOBER 4, 2023

Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information.

Data breaches 145

Data breaches Ransomware Hacking Software 145

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported.

Data breaches 144

Data breaches Telecommunications Cybercrime Hacking 144

Troy Hunt

JANUARY 8, 2019

Regular readers will appreciate the mechanics of this already but all those who I point here for whom this is new, this attack simply takes exposed credentials from a data breach and tries them on another site. Got my playlists deleted and the hacker created a playlist called "Get Hacked".

Hacking 230

Hacking Passwords Accountability Data breaches 230

Krebs on Security

JANUARY 7, 2025

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. “ Annie.”

Phishing 333

Phishing Cryptocurrency Accountability Social Engineering 333

Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” “I fear all US based data my be lost.” Strangely, not all VMs shared the same authentication, but all were destroyed.

Hacking 273

Hacking DDOS Backups Accountability 273

Dark Reading

AUGUST 11, 2022

Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.

Data breaches 135

Data breaches VPN Hacking Authentication 135

Krebs on Security

JULY 12, 2024

disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

Data breaches 343

Data breaches Passwords Authentication Accountability 343

Security Affairs

MAY 13, 2024

Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. The company is notifying the impacted customers. ” continues the notice.

Data breaches 128

Data breaches Cyber Attacks Identity Theft Banking 128

Krebs on Security

SEPTEMBER 13, 2023

Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal ). Microsoft Corp. government inboxes.

Cybercrime 333

Cybercrime Passwords Authentication Malware 333

SecureWorld News

MARCH 24, 2022

One of the first hacks to ever get widespread public attention occurred on the night of April 27, 1986. RELATED: Original HBO Hack ]. To some, the ability to hack a satellite broadcast was unsettling. Now, headlines about ransomware, cyberattacks, and data breaches pour into social media feeds as steady as a river flows.

Data breaches 128

Data breaches Passwords Accountability Government 128

Security Affairs

OCTOBER 26, 2023

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach.

Data breaches 143

Data breaches Ransomware Education Cybersecurity 143

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- reads the advisory published by the company.

Data breaches 135

Data breaches Education Ransomware Software 135

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Data breaches 123

Data breaches Cybercrime Authentication Technology 123

Security Affairs

AUGUST 24, 2022

The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords. According to the company, financial and payment data were not compromised because are not stored on its servers.

Data breaches 134

Data breaches Passwords Media Accountability 134

Security Affairs

NOVEMBER 2, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks.

Firmware 121

Firmware Manufacturing IoT Healthcare 121

Security Affairs

APRIL 10, 2024

AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. ” reads the data breach notification.

Data breaches 126

Data breaches Telecommunications Identity Theft Hacking 126

The Last Watchdog

AUGUST 29, 2022

Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. Authentication bypass.

Hacking 201

Hacking Passwords Password Management Data breaches 201

Krebs on Security

AUGUST 2, 2019

In Capital One’s case, the misconfigured WAF for whatever reason was assigned too many permissions, i.e. it was allowed to list all of the files in any buckets of data, and to read the contents of each of those files. “SSRF has become the most serious vulnerability facing organizations that use public clouds,” Johnson wrote.

Hacking 263

Hacking Firewall Data breaches Software 263

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans.

Hacking 293

Hacking Identity Theft Government Phishing 293

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals.

Data breaches 131

Data breaches Telecommunications Banking Mobile 131

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

The Last Watchdog

SEPTEMBER 24, 2024

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection?

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. started receiving emails with a “cash back” offer. .”

Passwords 363

Passwords Password Management Phishing Scams 363

SecureWorld News

APRIL 2, 2024

After weeks of denial, AT&T has finally acknowledged a massive data breach impacting 73 million current and former customer accounts. The telecom giant had initially claimed that a large trove of personal data leaked on the Dark Web did not originate from their systems.

Data breaches 105

Data breaches Identity Theft Accountability Authentication 105

Troy Hunt

APRIL 14, 2024

Data breach verification: that seems like a good place to start given the discussion in this week's video about Accor. Watch the vid for the whole thing but in summary, data allegedly taken from Accor was published to a popular hacking forum and the headlines inevitably followed.

Retail 256

Retail Authentication Data breaches Hacking 256