Sending data over wireless formats like Wi-Fi and Bluetooth is very convenient, but not necessarily secure. A Princeton report revealed that some smart home devices unwittingly broadcast location information while others didn't encrypt their data streams at all.
To get around the uncertainty of pushing information over the air, some scientists have posited using the body as a conduit. Instead of using its magnetic field, as previous researchers have, engineers from the University of Washington have pioneered a way to send wireless signals from a touchpad or screen held in one hand to a smart device in physical contact with the other.Read more
Crikey: 43,570,999 user accounts were breached in a hack of Last.fm that occurred in March of 2012, according to a report from LeakedSource. The number of passwords and the severity of the hack were not uncovered until today.
Three months after the breach, in June of 2012, Last.fm issued the following statement: “We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.” The passwords were stored using unsalted MD5 hashing.Read more
Popular music streaming service Spotify is actively resetting a number of users' passwords. The company claims this is in response to data breaches of other websites, implying that the problem may be customers reusing passwords.
“To protect your Spotify account, we've reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password,” an email sent to a user on Wednesday reads. “Don't worry! This is purely a preventative security measure. Nobody has accessed your Spotify account, and your data is secure,” it continues.Read more
Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.
Experts obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total in at around 5GB, and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee.Read more
Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera reported a security breach, which affects all users of the sync feature of its web browser.
So, if you’ve been using Opera’s Cloud Sync service, which allows users to synchronize their browser data and settings across multiple platforms, you may have hacked your sensitive data. Opera has around 350 Million users across its range products, but around 1.7 Million users using its Sync service had both their synchronized passwords as well as their authentication passwords leaked in the hack.Read more
Turns out even LastPass, a service promoted as a password "vault," might be putting its users at risk of being hacked. A security researcher with an established record of tracking down security flaws has found a so-called zero-day hole that could let hackers remotely break into LastPass' millions of accounts.
It takes only a visit to a malicious website to become a victim. White hat researcher Tavis Ormandy was first to identify the problem, publishing a tweet. Ormandy followed up with a tweet saying that he sent a full report to LastPass and next up will look at a rival password manger, 1Password.Read more
At first glance, a new hacking technique looks pretty scary. Using an attack researchers at cybersecurity firm Bastille are calling "keysniffer," hackers can detect every key you press on your wireless keyboard.
That means they can pick up your passwords, and maybe the answers to your security questions, like your mother's maiden name, too. The flaw affects keyboards manufactured by big names, like HP, Toshiba and General Electric. So far, bad news. The good news? To use "keysniffer" on you, hackers would have to be almost close enough to literally smell you. The attack works within 250 feet, which is about three-fourths the length of a football field.Read more
Those of you who use Citrix's GoToMyPC are going to have to reset your passwords. The service, which lets users remotely access PCs over the internet, was hit by a "very sophisticated password attack," Citrix said in a blog post. The company is requiring users to reset their passwords using the "forgot password" link.
Cyberattacks against websites have jumped in recent years as hackers find new ways to exploit security flaws. Hackers often sell stolen customer credentials on the black market. Users typically are prompted to reset their passwords but still have to worry about their personal information winding up in the wrong hands.Read more
The most recent version of the CryptXXX ransomware came with lots of changes, among which the most important is an infostealer module that can dump and steal passwords from various applications on the infected machine.
Called StillerX, this module was seen part of CryptXXX, detected by Proofpoint for the first time on May 26. The US security firm says that this CryptXXX version comes with lots of new features, but StillerX makes it more dangerous than before. StillerX works just like classic password dumpers, also known as infostealers. CryptXXX's StillerX module is capable of targeting all sorts of software.Read more
Several TeamViewer users have reported unauthorized access over the last few days, leading some to suspect that the remote connection company has been hacked. The unauthorized access reports started showing up on Reddit around the same time that the company suffered possible DNS issues that triggered an outage lasting for several hours.
In some cases, those users reporting the incidents on Reddit say their PayPal accounts, as well as Amazon accounts were raided – after the unauthorized user took advantage of stored credentials in the browser to conduct transactions.Read more