password

WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

bitdefender.com

Man who hacked National Lottery for just £5 is jailed for nine months

Lottery operator Camelot says that responding to the hacking attack in 2016 cost it £230,000.

How much did the hacker Anwar Batson make out of it? A mere £5.

Read more in my article on the Hot for Security blog.

49% of workers, when forced to update their password, reuse the same one with just a minor change

A new survey has revealed some alarming news about the way users are choosing their passwords in their homes and workplace.

Smashing Security #155: Juice jacking, YouTube hacking, password slacking

A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White.

Smashing Security #146: Password secrets and baking brownies

In the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.

Umm.. that’s not a movies password update. That’s a downgrade

A cinema chain has given customers a password that any mischief-maker with half a brain cell could deduce.

bitdefender.com

Google stored business customers’ passwords in plaintext on its servers… for 14 years

Google has admitted that some of its business customers of G Suite (formerly known as Google Apps) had their passwords stored on the company’s internal servers for 14 years in plaintext.

Read more in my article on the Bitdefender Business Insights blog.

Zara Larsson wants your password so she can watch Game of Thrones

When a celebrity asks if you can share your password…

bitdefender.com

Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps

App accounts were “protected” by a default password. That password? 123456.

Read more in my article on the Hot for Security blog.

High school election hacked by candidate who exploited weak passwords

When Berkeley High School in California held its first ever elections for student government last month, things went about as well you probably expected…

Some 2000 Facebook staff had access to millions of Facebook users’ passwords… stored in plaintext

Stretching back as far as 2012, Facebook has been storing the passwords of hundreds of millions of users unencrypted, in plaintext.

And those passwords were searchable by Facebook staff…

bitdefender.com

Man arrested for selling one million Netflix, Spotify, Hulu passwords

The WickedGen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted “access to thousands of premium accounts across a huge range of services.”

Read more in my article on the Hot for Security blog.

Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty

There has been another twist in the curious case of QuadrigaCX, a Canadian cryptocurrency exchange whose CEO unexpectedly and suddenly died without telling anyone else his password.

And it sounds like more troubling news for investors.

tripwire.com

Google Chrome extension warns if your password has been leaked

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #114: Darknet Diaries, death, and beauty apps

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.