Comcast has reset the passwords of 200,000 accounts after information about 590,000 of its accounts was put up for sale online. Comcast denies any data breach and confirms that its apps were not compromised by hackers.
The seller of the Comcast data listed 112 Comcast accounts as proof and offered information on 100,000 accounts, such as Comcast email addresses and corresponding passwords, for just $300. Comcast is aware of the incident and has reset the passwords of the accounts at risk. The source of the leaked data remains unknown. Comcast has millions of customers, who would be concerned about whether they are victims of the latest data breach.
A security researcher has discovered a trove of more than 13 million plaintext passwords that appear to belong to users of 000Webhost, a service that says it provides reliable and high-speed webhosting for free.
The leaked data was obtained by Troy Hunt, the operator of a service that helps people figure out if their personal data has been exposed. Hunt received the data from someone who contacted him and said it was the result of a hack five months ago on 000Webhost. He uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL.
A Microsoft engineer has uncovered a tiny flaw in the way 1Password manages user metadata in some setups, exposing user details along the way.
You can read the in-depth explanation of this entire 1Password (intentional) design flaw on Dale Myers' website, but we're also going to summarize it for you if you're not in the mood for technical blog posts at this time of day. Mr. Myers has found out that 1PasswordAnywhere, a 1Password feature that stores the user's accounts and passwords inside an HTML file on Dropbox accounts, only encrypts password data, but not the metadata for each account.
Security researchers have uncovered advanced malware that can steal virtually all of a large organization's e-mail passwords by infecting its Outlook Web Application mail server over an extended period of time.
Researchers from security firm Cybereason discovered the malicious OWA module after receiving a call from an unnamed company that had more than 19,000 endpoints. The customer had witnessed several behavioral abnormalities in its network and asked Cybereason to look for signs of an infection. Within a few hours, the security firm found a suspicious DLL file loaded into the company's OWA server.
Uber is off to a rocky start in China. The company threatened to punish any of its drivers that took part in protests against the taxi app, and a large number of trips in the country are false trips concocted by drivers looking to make some easy yuan on Uber's dime.
Now, it looks like Chinese fraudsters are using hacked Uber accounts to take free trips. In May, thousands of Uber accounts were for sale on the dark web, for as little as $1 each. In August, the price of hacked accounts dropped to just 40 cents. Those accounts were accessed by hackers because Uber customers had used the same password in their taxi app as for another service.
The British spying agency, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.
The agency gives a range of hints to those working in IT as well as normal consumers. Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack, and to avoid storing passwords as plain text files that can be read by anyone. The agency also warns against the problems of password overload. That is what happens when people create too many complex and unmemorable passwords.
Three weeks ago adultery website Ashley Madison was hacked, exposing account information for more than 30 million users. Private membership information including names, email addresses, and detailed sexual preferences was made public.
Despite making itself vulnerable to the data breach in the first place, Ashley Madison did secure its users' passwords by hashing them with bcrypt. However, security firm Avast issued a new report finding some of its users' passwords were among the worst, most common passwords you could possibly pick to secure your adulterous online dating account.
A survey of 522 respondents highlights the current hatred people have for passwords and their openness to implementing simpler, yet safer authentication systems.
The survey shows that 84% of survey takers would be open to the idea of doing away with passwords, and three-quarters of all respondents see alternative identity verification systems like facial recognition, retinal scans, and fingerprints as more secure. The LaunchKey study also highlighted that most people don't trust online retailers with their passwords, while banking and financial institutions are at the opposite end of the spectrum.
This fall, MasterCard will start experimenting with a new program: approving online purchases with a facial scan. At checkout, you'll be asked to hold up your phone and snap a photo. MasterCard's thinking? It's easier than remembering a password.
This is MasterCard's way of cutting down fraud. Currently, customers can set up something called "SecureCode," which requires a password when shopping online. This stops credit-card-number-stealing hackers from actually using your card on the Web. It was used in 3 billion transactions last year. But passwords get forgotten, stolen, or intercepted. So, banks are following Apple's lead.
As more and more of our existence has moved online, we’ve become ever more dependent on that bane of the connected life: passwords. They’ve become so pervasive and complicated that it’s become virtually impossible for most humans to use and remember different passwords for all of their accounts.
Nearly three-quarters of passwords are reused on various accounts, with an average of six passwords being used across 24 accounts, according to a recent report by mobile identity solutions firm TeleSign. The two most popular passwords found on the Internet last year were (once again) 123456 and “password,” according to password management provider.