article thumbnail

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 354
article thumbnail

National Public Data Published Its Own Passwords

Krebs on Security

KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD.

Passwords 359
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords 346
article thumbnail

Using Hacked LastPass Keys to Steal Cryptocurrency

Schneier on Security

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? That’s a really profitable hack. (It’s Look, I know that online password databases are more convenient.

article thumbnail

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. ” On Feb.

article thumbnail

Analysing the (Alleged) Minneapolis Police Department "Hack"

Troy Hunt

I've now seen several versions of the same set of email addresses and passwords albeit with different attribution up the top of the file. They're simple passwords most likely cracked from other breaches. It's difficult to imagine someone creating an MPD account with that password. Not convinced? So where could they be from?

Hacking 364
article thumbnail

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. OGUsers was hacked at least twice previously, in May 2019 and again in March 2020. called Disco Payments. ”