Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords 234

Passwords Accountability Hacking Education 234

Troy Hunt

SEPTEMBER 3, 2021

let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! (I'm I'm not even sure what the next milestone will be.)

Password Management 248

Password Management Passwords Data breaches 248

Troy Hunt

MAY 6, 2022

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing.

IoT 289

IoT Data breaches Passwords 289

CyberSecurity Insiders

DECEMBER 26, 2022

Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers. And when they tried to access the account, their attempts failed as their passwords were changed.

Data breaches 133

Data breaches Accountability Internet Internet 133

Troy Hunt

DECEMBER 4, 2021

More tweaking to be done and more work to be done on the office, but it's all coming together very nicely now 😎 References My new Elgato Key Lights are now up and running (beautifully made product and a massive improvement on before) I may have underestimated how much it costs to ship books around the world for #pwnedmas (but hey, it's (..)

Password Management 241

Password Management Data breaches Passwords 241

Troy Hunt

FEBRUARY 10, 2023

Plus, there's a heap of new data breach and some really, really good news about the NTLM hashes now being available in Pwned Passwords. Book a demo today. In short - it's painful - but listen to this week's update to hear precisely why. It's Device Trust tailor-made for Okta.

VPN 223

VPN Passwords Data breaches Technology 223

Security Affairs

SEPTEMBER 2, 2019

Researchers from vpnMentor security firm have recently discovered a huge data breach in flight booking platform Option Way. . Researchers at vpnMentor discovered a huge data breach in flight booking platform Option Way as part of a web-mapping project. . SecurityAffairs – data breach, Option Way).

Data breaches 102

Data breaches Advertising Encryption Risk 102

Troy Hunt

DECEMBER 15, 2021

The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. Is this a data breach? So, someone did that 167 million times, dumped the data and shared it on a popular hacking forum. the Red Cross wasn't hacked either and that was clearly a data breach.

Data breaches 317

Data breaches Hacking Passwords Accountability 317

SC Magazine

JUNE 18, 2021

Carnival Corporation – which has been plagued by cyberattacks over the past few years – issued a breach disclosure on Thursday confirming hackers attacked email accounts and gained access to data about its customers and employees. The post Carnival discloses new data breach on email accounts appeared first on SC Media.

Data breaches 108

Data breaches Accountability Phishing Security Awareness 108

CyberSecurity Insiders

JANUARY 30, 2023

Details are in that the info belongs to all those customers who booked their orders on the platform from the past few years(say between Nov’18 to Oct’2020) and might include sensitive details of half of the affected consumers. The post Data Breach at Britain JD Sports leaks 10 million customers appeared first on Cybersecurity Insiders.

Data breaches 109

Data breaches Retail Identity Theft Social Engineering 109

Troy Hunt

FEBRUARY 19, 2021

I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing.

Password Management 185

Password Management IoT Data breaches Passwords 185

Security Affairs

JANUARY 6, 2020

HappyHotel , a Japanese search engine used to find and book rooms in “love hotels,” announced to have suffered a security breach in December. Almex , the company that operates HappyHotel , published a data breach notice on the website. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 88

Data breaches Engineering Advertising Passwords 88

Troy Hunt

APRIL 23, 2023

What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. Book a demo today. References I take an inordinate amount of pleasure in screwing with scammers / spammers (and judging by the reactions to that thread, so do you!

Password Management 41

Password Management Data breaches Passwords 41

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released. The top 2 breach threat actions were Phishing and Use of Stolen Creds.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords!

Password Management 263

Password Management Passwords Data breaches Retail 263

Security Affairs

JANUARY 6, 2020

According to Active Network data breach notice, parents who accessed Blue Bear-based web store to pay school fees or buy books and other material between October 1, 2019, and November 13, 2019, might have had their personal data stolen. ” reads the notice of data breach. Pierluigi Paganini.

Data breaches 90

Data breaches Software Social Engineering Accountability 90

Krebs on Security

JANUARY 30, 2024

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. A booking photo of Noah Michael Urban released by the Volusia County Sheriff. A booking photo of Noah Michael Urban released by the Volusia County Sheriff. According to an Aug.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Malwarebytes

MAY 5, 2022

World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. You can’t go wrong shoring up a leaky password line of defence though, so without further ado: let’s get right to it. Breaching the issue. The problem with passwords.

Passwords 98

Passwords Password Management Authentication Accountability 98

SecureWorld News

MAY 10, 2022

Even though World Password Day is over, it's never too late to remind your end-users that weak, unimaginative, and easy-to-guess passwords—like "123456," "qwerty," and, well… "password"—are poor options for securing accounts and devices. Improving password best practices matters.

Passwords 81

Passwords Education Password Management Computers and Electronics 81

Adam Levin

FEBRUARY 10, 2020

There is little you can do in the event we experience widespread DDoS attacks, but one tip is to buy a good book series or a few board games since it might take a while to get the internet working again. Never buy a device that doesn’t allow you to set a long and strong password. password, 123456, qwerty, etc.

Passwords 245

Passwords Phishing Password Management Accountability 245

Krebs on Security

NOVEMBER 3, 2022

” But for all the good it brought, the healthcare records management system that Vastaamo used relied on little more than a MySQL database that was left dangerously exposed to the web for 16 months, guarded by nothing more than an administrator account with a blank password. ” .

Data breaches 218

Data breaches Cybercrime Telecommunications Accountability 218

CyberSecurity Insiders

MARCH 11, 2022

Both the companies revealed the same in SEC filing and apologized for the incident and assured that such data breaches will never get repeated. Whereas, Vodafone is still investigating the cyber attack claims and internal data theft. The company that ferries about 4.6

Cyber Attacks 119

Cyber Attacks Data breaches Backups Accountability 119

Security Affairs

DECEMBER 21, 2023

The database included the personally identifiable information of Blink Mobility customers and administrators, including: Phone number Email address Encrypted password Registration date Device info and device token Details on subscription and rented vehicles (license plate, VIN, booking start and end location, etc.)

Mobile 140

Mobile Identity Theft Passwords Phishing 140

Security Affairs

MARCH 19, 2021

According to a report published by researchers at PrivacySavvy, many travel companies expose users’ data through their booking apps. In a report published on the 16 th of March by PrivacySavvy, many travel companies expose users’ data through their booking apps.

Data breaches 131

Data breaches Encryption Hacking Healthcare 131

Security Affairs

NOVEMBER 22, 2019

Security experts from vpnMentor discovered that Gekko Group, an AccorHotels subsidiary, exposes hotels and travelers in a massive data leak. Gekko Group is a leading European B2B hotel booking platform that also owns smaller hospitality brands, including Teldar Travel & Infinite Hotel.

B2B 124

B2B Advertising Accountability Passwords 124

Krebs on Security

NOVEMBER 14, 2024

A week after breaking the story about the 2013 data breach at Target, KrebsOnSecurity published Who’s Selling Cards from Target? ChronoPay founder and CEO Pavel Vrublevsky was the key subject of my 2014 book Spam Nation , which described his role as head of one of Russia’s most notorious criminal spam operations.

Retail 235

Retail Advertising Cryptocurrency Marketing 235

Adam Levin

SEPTEMBER 5, 2019

Facebook Is an Open Book. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t over-share on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit. Monitor your accounts.

Scams 197

Scams Accountability Financial Services Insurance 197

Security Affairs

DECEMBER 2, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. Million by Dutch and UK Data Protection Authorities over data breach. · AccuDoc Data Breach impacted 2.6 A new round of the weekly SecurityAffairs newsletter arrived! 20% discount. Kindle Edition.

Data breaches 89

Data breaches Advertising Ransomware Phishing 89

Schneier on Security

OCTOBER 12, 2018

The solution is complicated, and it's one I devoted my latest book to answering. California just enacted an Internet of Things security law that prohibits default passwords. It's basically a summary of what I talk about in my new book. We must engage with the future of internet security as a policy issue.

Government 239

Government Internet Internet Marketing 239

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum.

Cybercrime 247

Cybercrime Banking Computers and Electronics DDOS 247

CSO Magazine

OCTOBER 6, 2022

Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses.

Authentication 75

Authentication Small Business Password Management Passwords 75

Security Affairs

FEBRUARY 3, 2019

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. Dailymotion forces password reset in response to credential stuffing Attack. Iran-Linked APT39 group use off-the-shelf tools to steal data. Airbus data breach exposes some employeesdata. 20% discount.

DDOS 96

DDOS Data breaches Advertising Cybercrime 96

The Last Watchdog

MAY 24, 2021

Gone are the days when criminals had to try a one attack variant at a time, or one username/password combination at a time. This training can be pirated security training videos or books, or actual classes. The other driver is older data breaches that are sorted and dropped into scanners. I wrote about this last May.

Financial Services 178

Financial Services Passwords Media Accountability 178

Thales Cloud Protection & Licensing

MARCH 6, 2020

Simply taking a pause from email and social media in favor of a good book or conversation is known to increase your mood and life satisfaction. With increasing data breaches and unsuspecting users more vulnerable than ever before, cybersecurity situational awareness has never been more important. Pass on passwords.

Encryption 130

Encryption Authentication Passwords CISO 130

Security Affairs

SEPTEMBER 8, 2019

New Google bug bounty allows reporting the abuses of Google API, Chrome, and Android user data. Flight booking platform Option Way exposes customer and internal data. XKCD forum data breach impacted 562,000 subscribers. Over 600k GPS trackers left exposed online with a default password of ‘123456.

IoT 102

IoT Data breaches Advertising DNS 102

Security Affairs

NOVEMBER 25, 2018

Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal. 20% discount. Kindle Edition. Paper Copy. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 92

Data breaches Hacking Advertising Cryptocurrency 92

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. ” IMPROVEMENTS. -Use

DNS 271

DNS Internet Internet Government 271