A seemingly benign group of hackers is taking over the social media accounts of big personalities in the wake of the leak of hundreds of millions of LinkedIn passwords.
The group claims to have recently hacked the accounts of, Twitter co-founder Biz Stone, Minecraft creator Markus “Notch” Persson, actor Sawyer Hartman, and pop star David Choi, among others. The only thing these targets have in common is that they are relatively famous, and all have a LinkedIn account. It’s unclear how the hackers are taking over the accounts, but there’s some circumstantial evidence that supports the theory that they might be using passwords stolen from LinkedIn back in 2012.Read more
Quite literally, every day someone gets hacked. Whether that's a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another.
Over seven million user accounts belonging to members of Minecraft community “Lifeboat” have been hacked, according to security researcher Troy Hunt. He said he will upload the data to his breach notification website “Have I Been Pwned?”, which allows people to check if their account is compromised and that it includes email addresses and weakly hashed passwords.Read more
It's basically the company's plot to kill the password in cold blood, by replacing it with smartphone user authentication via an uncrackable collection of biometric readings.
Abacus would lock or unlock devices and apps based on a cumulative "trust score" -- as your phone continually monitors and recognizes your location patterns, voice and speech patterns, how you walk and type, and your face. Like many things Google, it sounds miraculous. Your phone will just know it's you. And infosec pundits who believe we're stuck in password-hell Groundhog Day because "regular" people won't do security if it's inconvenient, will rejoice.Read more
The cable giant acknowledged that email addresses and passwords of up to 320,000 customers may have been stolen.
The company said it doesn't know yet how data was compromised but speculated it was either attacks against other companies that store TWC subscriber information or malware downloaded in phishing attacks on customers. Cyberattacks against businesses are nothing new but have ramped up in recent years as hackers find new ways to exploit security holes. Hackers often sell stolen customer data on the black market and force companies to acknowledge shoddy data-protection practices.Read more
Uber is off to a rocky start in China. The company threatened to punish any of its drivers that took part in protests against the taxi app, a large number of trips in the country are false trips concocted by drivers looking to make some easy yuan on Uber's dime.
Now, it looks like Chinese fraudsters are using hacked Uber accounts to take free trips. In May, thousands of Uber accounts were for sale on the dark web, for as little as $1 each. In August, the price of hacked accounts dropped to just 40 cents. Those accounts were accessed by hackers because Uber customers had used the same password in their taxi app as one for another service.Read more
Three weeks ago adultery website Ashley Madison was hacked, exposing account information for more than 30 million users. Private membership information including names, email addresses, and detailed sexual preferences were made public.
Despite making itself vulnerable to the data breach in the first place, Ashley Madison did secure its users using bcrypt-hashed passwords. However, security firm Avast issued a new report finding some of its users' passwords were among the worst, most common passwords you could possibly pick to secure your adulterous online dating account.Read more
This fall, MasterCard will start experimenting with a new program: approving online purchases with a facial scan. At checkout, you'll be asked to hold up your phone and snap a photo. MasterCard's thinking? It's easier than remembering a password.
This is MasterCard's way of cutting down fraud. Currently, customers can set up something called "SecureCode," which requires a password when shopping online. This stops credit-card-number-stealing hackers from actually using your card on the Web. It was used in 3 billion transactions last year. But passwords get forgotten, stolen, or intercepted. So, banks are following Apple's lead.Read more
Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don't use it at all.
The roster of faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the Match.com dating service and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users' handsets.Read more
Some of the most effective scams are often very simple; take for example dressing up as a police officer and asking someone to hand over the keys to their car. The average person on the street would probably hand them over without question and this is why impersonating a police officer is classed as a very serious crime the world over.
This scam has two things going for it: its simplicity and the fact that people have an overwhelming tendency to trust figures of authority. These two qualities work just as well in the world of cybercrime and we recently came across a case that proves just that.Read more
An online password manager can make your life much easier by automatically entering individual passwords for each website and service you visit. It is a very convenient tool – unless it is hacked.
In that instance, by discrediting a single password, cyber criminals can receive access to invaluable information, including banking credentials. LastPass, a popular password manager, has recently disclosed a network breach. Attackers compromised user email addresses, password reminders, per-user salts and authentication hashes. The passwords themselves were not compromised, as the service doesn’t store them in its cloud.Read more