
Tag Archives for "passwords"

Over 21 million stolen login credentials found on the dark web

Stolen login credentials from Fortune 500 companies have been found in numerous places on the dark web, many of which are available in plaintext form.

Of the 21 million records exposed, only 4.9 million were fully unique passwords, suggesting that many users have identical or similar passwords. 16 million of them were compromised during the last 12 months.

Source: State of Stolen Credentials in the Dark Web from Fortune 500 Companies | ImmuniWeb Security Blog

Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

Old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help.

Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service.

Source: Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet

Irish data regulator looking into Facebook password gaffe

Ireland’s Data Protection Commission (DPC) has confirmed it’s looking into the hundreds of millions of passwords that Facebook stored without encryption.

The social network notified the regulator that user passwords for Facebook, Facebook Lite and Instagram were stored in plain text on the company’s internal servers.

Source: Irish data regulator looking into Facebook password gaffe | IT PRO

Facebook app developers leaked millions of user records on cloud servers

Facebook app developers left hundreds of millions of user records exposed on publicly visible cloud servers.

The larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said.

A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.

Source: Facebook app developers leaked millions of user records on cloud servers, researchers say – The Verge

Study shows programmers will take the easy way out and not implement proper password security

In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner.

For their study, the German academics asked a group of Java programmers to write a user registration system for a fake social network. The results show that the level of understanding of what “secure passwords” mean differs greatly in the web development community.

Paying developers higher rates didn’t help considerably, researchers said. However, the research team found that giving programmers specific instructions to implement a secure password storage system did yield better results than not saying anything at all and then expecting developers to think of security by themselves.

Source: Study shows programmers will take the easy way out and not implement proper password security | ZDNet

W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins

The World Wide Web Consortium (W3C) and the FIDO Alliance announced the Web Authentication (WebAuthn) specification is now an official web standard.

WebAuthn is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10, Android, and Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) Web browsers.

WebAuthn allows users to log into their internet accounts using their preferred device. Web services and apps can — and should — turn on this functionality to give their users the option to log in more easily via biometrics, mobile devices and/or FIDO security keys, and with much higher security over passwords alone.

Source: W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins

Google’s new Chrome Extension checks your passwords are still secure

A new Chrome Extension from Google called Password Checkup will automatically check whether your passwords have been exposed in a data breach.

Once installed, the extension checks any login details you use — Google says “most” US sites are supported — against a database of around four billion usernames and passwords, and warns you if it finds a match.

Source: Google’s new Chrome Extension checks your passwords are still secure – The Verge

Largest collection of breached data ever seen is found

The largest collection of breached data ever seen has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.

The 87GB data dump was discovered by security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload “Collection #1”, said it is probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.

Source: Largest collection of breached data ever seen is found | Technology | The Guardian

How Hackers Bypass Gmail 2FA at Scale

Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can log in and steal the account.

Full article: How Hackers Bypass Gmail 2FA at Scale – Motherboard
