Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 359

Passwords Accountability VPN Malware 359

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  So, he asked them: I seem to have found my email in your data breach.

Data breaches 327

Data breaches Passwords B2B Technology 327

Malwarebytes

MAY 8, 2025

For decades, passwords have been our default method for keeping online accounts safe. A team at Cybernews conducted a study of over 19 billion newly exposed passwords which showed were looking at a a widespread epidemic of weak password reuse. Does that make the password obsolete? But our opponents have.

Passwords 75

Passwords Artificial Intelligence Identity Theft Password Management 75

Krebs on Security

JANUARY 7, 2025

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. “Password is changed,” the man said.

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. You can make a stolen password useless to thieves by changing it. Set up identity monitoring.

Passwords 145

Passwords Password Management Phishing Authentication 145

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 73

Education Passwords Accountability Encryption 73

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 62

Passwords Password Management Malware Accountability 62

Malwarebytes

APRIL 24, 2025

In a data breach notice on its website, Blue Shield says it had begun notifying certain members of a potential data breach that may have included elements of their protected health information. This likely included protected health information. Change your password. Choose a strong password that you dont use for anything else.

Insurance 123

Insurance Data breaches Passwords Phishing 123

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing 271

Phishing Malware Scams Passwords 271

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. 1 – Storing 1 copy offsite (e.g.,

Small Business 162

Small Business Data breaches Backups Passwords 162

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Change your password. Better yet, let a password manager choose one for you.

Data breaches 129

Data breaches Healthcare Passwords Insurance 129

Security Affairs

APRIL 22, 2025

. “There has been a sharp increase in the number of cases of unauthorized access and unauthorized trading (trading by third parties) on Internet trading services using stolen customer information (login IDs, passwords, etc.) Avoid password reuse, choose complex passwords, and check account activity often.

Financial Services 119

Financial Services Passwords Accountability Antivirus 119

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. Hunt will add the information of the impacted users to HIBP very soon. Internet Archive hacked.

Data breaches 121

Data breaches Internet Internet DDOS 121

Malwarebytes

NOVEMBER 4, 2024

The attack was later claimed by the Rhysida ransomware group on their leak site, where the group posts information about victims that are unwilling to pay. Later, a security researcher disclosed information about the content of the stolen data with the media. Change your password. Enable two-factor authentication (2FA).

Data breaches 125

Data breaches Passwords Ransomware Phishing 125

Malwarebytes

APRIL 15, 2025

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, andin rare casesSocial Security Number exposed in a data breach. Change your password. Better yet, let a password manager choose one for you.

Data breaches 113

Data breaches Ransomware Passwords B2B 113

Malwarebytes

FEBRUARY 11, 2025

Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info. They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web.

Phishing 133

Phishing Passwords Mobile Authentication 133

Malwarebytes

MARCH 26, 2025

If you have any questions or need more information, please contact the guest directly or through our platform. Press Enter As we explained in more detail here , these instructions will infect their Windows system with an information stealer or Trojan. Find out what information is already out there. Press Ctrl + V.

Phishing 129

Phishing Malware Passwords Password Management 129

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S. million mobile and fixed subscribers. .

Cyber Attacks 125

Cyber Attacks Telecommunications Data breaches Banking 125

Malwarebytes

JANUARY 6, 2025

This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. And since the backups that were made by a third party turned out to be incomplete, they were also unable to inform affected patients.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. TerraLogger, by contrast, is a standalone keylogger.

Passwords 63

Passwords Malware Cryptocurrency Cybercrime 63

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking 234

Hacking Cybercrime Advertising Data breaches 234

Malwarebytes

APRIL 28, 2025

This means those 21 million images could reveal everything from work processes to employees private information. This incident echoes a previous Cybernews investigation that found WebWork, another remote team tracker, leaked over 13 million screenshots containing emails, passwords, and other sensitive work data.

Passwords 97

Passwords Phishing Spyware Password Management 97

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 362

Phishing Password Management Passwords Banking 362

Security Affairs

APRIL 9, 2025

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. A remote attacker can exploit the vulnerability to change administrator passwords. ” reads the advisory. . ” reads the advisory. Upgrade to 7.6.1 or above FortiSwitch 7.4 through 7.4.4

Passwords 73

Passwords Hacking Information Security 73

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult.

Ransomware 122

Ransomware Encryption Passwords Backups 122

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 124

Healthcare Data breaches Passwords Identity Theft 124

Malwarebytes

APRIL 16, 2025

This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. Don’t reuse passwords. These account takeover attacks have skyrocketed lately. Protect your PC.

Internet 144

Internet Internet Passwords Artificial Intelligence 144

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware 139

Malware Adware Education Phishing 139

Malwarebytes

FEBRUARY 25, 2025

The attacker may have accessed over three million files containing personal information. This is one of these cases where a company most people have never heard of has amassed a mountain of information about many people. These data brokers gather information from several sources and sell them on to interested buyers.

Data breaches 109

Data breaches Passwords Phishing Password Management 109

eSecurity Planet

MARCH 31, 2025

Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. These messages contain links that direct users to fake Netflix websites designed to steal login information and payment details.

Scams 110

Scams Artificial Intelligence Phishing Passwords 110

Malwarebytes

NOVEMBER 4, 2024

Once a victim types their user ID and password, criminals will receive the data immediately. Note that the phishing site is using https, which means strictly nothing here (the information will be encrypted while in transit but received in clear text by the recipient). Indicators of Compromise Cloaking domains ixx-kexxx[.]com

Engineering 136

Engineering Phishing Banking Authentication 136

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. The company reset affected passwords.

Data breaches 114

Data breaches Passwords Accountability Hacking 114

Security Affairs

APRIL 15, 2025

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. where active user sessions are not properly invalidated after password changes. where active user sessions are not properly invalidated after password changes. All versions 6.1.4 are affected. version 6.1.5

Passwords 56

Passwords Big data Software Hacking 56

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials.

Data breaches 127

Data breaches Financial Services Hacking Mobile 127

Malwarebytes

MAY 8, 2025

Beside stealing usernames, passwords and circumventing two factor authentication, we identified malicious code capable of performing additional nefarious actions unbeknownst to the victim. Protect yourand your family’spersonal information by using identity protection. Indicators of Compromise Redirect deel[.]za[.]com datedeath[.]com

Phishing 68

Phishing Authentication Engineering Social Engineering 68

Malwarebytes

FEBRUARY 7, 2025

Post by emirking A translation of the Russian statement by the poster says: When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldnt stay hidden. If you fear that this breach might include your credentials you should: Change your password. What can users do?

Accountability 141

Accountability Phishing Passwords Authentication 141

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 124

Identity Theft Passwords Malware Banking 124