Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 346

Passwords Accountability VPN Malware 346

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing 271

Phishing Malware Scams Passwords 271

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  So, he asked them: I seem to have found my email in your data breach.

Data breaches 303

Data breaches Passwords B2B Technology 303

Krebs on Security

JANUARY 7, 2025

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. “Password is changed,” the man said.

Phishing 339

Phishing Cryptocurrency Accountability Social Engineering 339

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. You can make a stolen password useless to thieves by changing it. Set up identity monitoring.

Passwords 144

Passwords Password Management Phishing Authentication 144

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. So basically: Minor incident, but no customer data or vaults were lost.

Password Management 364

Password Management Passwords Encryption Backups 364

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. 1 – Storing 1 copy offsite (e.g.,

Small Business 162

Small Business Data breaches Backups Passwords 162

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. Hunt will add the information of the impacted users to HIBP very soon. Internet Archive hacked.

Data breaches 120

Data breaches Internet Internet DDOS 120

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Change your password. Better yet, let a password manager choose one for you.

Data breaches 120

Data breaches Healthcare Passwords Insurance 120

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware 137

Malware Adware Education Phishing 137

The Last Watchdog

OCTOBER 10, 2024

Where a traditional threat intelligence or investigations tool may provide a small number of records directly correlated to the search input, IDLink expands the pool of results to include identity data correlated across shared usernames, emails, passwords, and PII – with flexible options around pivoting depth, confidence levels, and visualization.

Risk 286

Risk Cybercrime Identity Theft Phishing 286

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S. million mobile and fixed subscribers. .

Cyber Attacks 124

Cyber Attacks Telecommunications Data breaches Banking 124

Malwarebytes

JANUARY 6, 2025

This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. And since the backups that were made by a third party turned out to be incomplete, they were also unable to inform affected patients.

Data breaches 144

Data breaches Ransomware Passwords Insurance 144

Security Affairs

MARCH 24, 2025

The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. ” reads the alert.

Malware 115

Malware Scams Identity Theft Antivirus 115

Malwarebytes

MARCH 26, 2025

If you have any questions or need more information, please contact the guest directly or through our platform. Press Enter As we explained in more detail here , these instructions will infect their Windows system with an information stealer or Trojan. Find out what information is already out there. Press Ctrl + V.

Phishing 109

Phishing Malware Passwords Password Management 109

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking 232

Hacking Cybercrime Advertising Data breaches 232

Schneier on Security

NOVEMBER 17, 2022

On top of that, it seems that the system has a new vulnerability : A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication. This is not a good sign.

Authentication 363

Authentication Passwords Accountability Media 363

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. SCAN NOW If your data was exposed in the 23andMe breach, here is what you can do: Change your password. Watch out for fake vendors.

Passwords 112

Passwords Accountability Data breaches Phishing 112

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 353

Phishing Password Management Passwords Banking 353

Malwarebytes

FEBRUARY 11, 2025

Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info. They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web.

Phishing 122

Phishing Passwords Mobile Authentication 122

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult.

Ransomware 121

Ransomware Encryption Passwords Backups 121

eSecurity Planet

MARCH 31, 2025

Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. These messages contain links that direct users to fake Netflix websites designed to steal login information and payment details.

Scams 92

Scams Artificial Intelligence Phishing Passwords 92

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. The company reset affected passwords.

Data breaches 113

Data breaches Passwords Accountability Hacking 113

eSecurity Planet

FEBRUARY 25, 2025

As discussed on WindowsForum, this “password spray and pray” attack highlights the importance of robust authentication measures. Understanding the password spray and pray attack Attackers employing this technique use a list of common passwords, attempting them across numerous Microsoft accounts in rapid succession.

Passwords 58

Passwords Authentication Accountability Threat Detection 58

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials.

Data breaches 127

Data breaches Financial Services Hacking Mobile 127

Malwarebytes

FEBRUARY 21, 2025

Healthcare is one of the sectors that has the most sensitive information about us. Because of its access and storage of our personal health information (PHI) and other personally identifiable information (PII), the healthcare sector should be one of the most secure ones, but due to lack of funding and other resources, it is not.

Healthcare 108

Healthcare Data breaches Passwords Phishing 108

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 124

Identity Theft Passwords Malware Banking 124

Troy Hunt

APRIL 5, 2023

You've probably seen stories and infographics about how much your personal information is worth, both to legitimate organisations and criminal networks. In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc.

Marketing 355

Marketing Passwords Authentication Accountability 355

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Malwarebytes

NOVEMBER 4, 2024

The attack was later claimed by the Rhysida ransomware group on their leak site, where the group posts information about victims that are unwilling to pay. Later, a security researcher disclosed information about the content of the stolen data with the media. Change your password. Enable two-factor authentication (2FA).

Data breaches 106

Data breaches Passwords Ransomware Phishing 106

Security Affairs

NOVEMBER 21, 2024

The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government. This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information. ” reported the Associated Press.

Government 144

Government Hacking Ransomware Insurance 144

eSecurity Planet

NOVEMBER 6, 2024

Cookies play a crucial role in enhancing your online experience, but they can also be exploited by cybercriminals to access sensitive information. Though cookies themselves don’t steal passwords, they can be hijacked to access sensitive data. Cookies track users with unique IDs. How Does Cookie Stealing Work?

Identity Theft 110

Identity Theft Passwords Phishing Accountability 110

Krebs on Security

JUNE 15, 2024

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Hacking 336

Hacking Phishing Cybercrime Passwords 336

Troy Hunt

JANUARY 17, 2024

Website, username and password: That's just the first 20 rows out of 5 million in that particular file, but it gives you a good sense of the data. The question of how valid the accompanying passwords remain aside, time and time again the email addresses in the stealer logs checked out on the services they appeared alongside.

Passwords 361

Passwords Password Management Hacking Accountability 361

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. ” The phony booking.com website generated by visiting the link in the text message. .”

Phishing 263

Phishing Accountability Artificial Intelligence Cybercrime 263

Security Affairs

OCTOBER 21, 2024

Despite being informed weeks prior, the organization’s failure to rotate exposed API keys, particularly the Zendesk token with access to over 800,000 support tickets, reflects poor incident response. Hunt will add the information of the impacted users to HIBP very soon.

Internet 127

Internet Internet Data breaches Authentication 127

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 110

Healthcare Data breaches Passwords Identity Theft 110