Articles about password security

Bazinga! Social network Taringa 'fesses up to data breach

Latin American social networking site Taringa has suffered a database breach that has resulted in the spill of more than 28 million records. Usernames, hashed passwords (using the weak MD5 algorithm) and personal email addresses have been exposed by the breach. Argentina-based Taringa’s breach statement (in Spanish) can be …
John Leyden, 5 Sep 2017

iCloud extortion racket nowhere near as epic as we thought it might be

A threat to wipe millions of supposedly compromised iCloud accounts and iPhones has yet to materialise. A security expert who has analysed samples of compromised data has concluded that the threat – such as it is – only exposes a small number of accounts to potential credential-stuffing attacks. The self-styled Turkish Crime …
John Leyden, 7 Apr 2017

Many UK ecommerce sites allow ‘password’ for logins – report

Many of the UK’s most popular ecommerce sites have unsafe password practices, according to a new study, with four in five not requiring the use of a capital letter and a number/symbol. Also, 16 per cent of sites accept the ten most common passwords, including “password”, according to security management outfit Dashlane. This …
John Leyden, 20 Nov 2015

SendGrid infosec chief eats humble pie, admits email service hacked

Marketing email distribution service SendGrid is asking customers to switch passwords after admitting it got hacked. The move follows the realisation that a previously reported hack is a bigger deal than previously imagined. The initial alert was triggered after the SendGrid account of Bitcoin exchange Coinbase was compromised …
John Leyden, 28 Apr 2015

Twitch stitch-up: Gaming vid streamers in data breach hack alert

Gameplay-streaming upstart Twitch thinks hackers may have harvested its user accounts for private information – and has reset people's passwords as a precaution. The San Francisco-based startup – which lets people stream videos of themselves playing games to online spectators – said it has also voided all stream keys, and …
Shaun Nichols, 23 Mar 2015

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 8 Dec 2014

Webcam hacker pervs in MASS HOME INVASION

Too many people are leaving their internet-connected webcams wide open to silent perverts, the UK's privacy watchdog has warned. The ICO has urged everyone to make sure they've changed their passwords on the devices from the factory defaults, which scumbags are exploiting to spy on victims from afar. The warning follows the …
John Leyden, 20 Nov 2014

Hacked and ashamed? C'mon, Brits – report that cybercrime

Internet-enabled frauds reached £670m across the UK in the 12 months running up to the end of August, according to new figures from the National Fraud Intelligence Bureau. Since the majority of internet-enabled fraud cases still go unreported, the true economic cost to the UK is likely to be significantly higher. The figures …
John Leyden, 21 Oct 2014

Freenode IRC users told to change passwords after securo-breach

A security breach at popular, free and open source software-focused IRC network Freenode means users need to change their passwords. Freenode's IRC server was compromised and passwords were likely sniffed by unidentified hackers, prompting a warning to users that they should reset their passwords as a precaution. The security …
John Leyden, 15 Sep 2014

Gang behind '1.2 billion' megahack ransack is pwning our customers – hosting firm

Anecdotal evidence is emerging that the Russian botnet raiders behind the "biggest-ever" password theft have begun attacks against web services using stolen login credentials. The CyberVor gang is reported to have amassed a vast stockpile of compromised login credentials for "1.2 billion" accounts, Hold Security warned in …
John Leyden, 2 Sep 2014

RealVNC distances itself from factories, power plants, PCs hooked up to password-less VNC

A scan of the public internet by security researchers has seemingly revealed thousands upon thousands of computers fully accessible via VNC – with no password required. Worryingly, the unsecured systems – from PCs and shopping tills to terminals controlling factories and heating systems – are at the mercy of any passing …
John Leyden, 21 Aug 2014

Russian PM's Twitter hacked to slap down Putin, post fake resignation

The Twitter feed of the Russian prime minister was hacked on Thursday to post false claims that Dmitry Medvedev had resigned to try his hand as a freelance photographer. The Russian-language profile, which boasts more than 2.5 million followers, was also updated with messages criticising Russia's president, Vladimir Putin. …
John Leyden, 14 Aug 2014

Hey guys. We've got 1.2 BILLION stolen accounts here. Send us your passwords, 'cos safety

The backlash is growing against the infosec firm that claimed it had uncovered a Russia-based gang's stash of 1.2 billion nicked website passwords. Hold Security claimed the gang was hoarding over one billion unique stolen usernames and passwords, siphoned off from insecure websites vulnerable to SQL injection and other …
John Leyden, 7 Aug 2014

British Gas Twitter account hijacked by mystery phishermen

An official British Gas Twitter account was hacked over the weekend as part of a phishing scam designed to harvest Twitter login credentials. The account @BritishGasHelp, which is normally geared towards helping people with boiler breakdowns and other queries, was taken over to push a series of ostensibly jokey tweets. The …
John Leyden, 23 Jun 2014

iDevice ransomware stalks OZ, demands payoff

Apple fans across Australia are finding their iPads and iPhones held for ransom by miscreants demanding $50 and more as an unlock fee. The extortionate demands appeared in messages claiming the device had been "hacked by Oleg Pliss" – but it'd be highly unlikely that the cybercrooks behind the scam, which appears to be localised …
John Leyden, 27 May 2014

Look, pal, it’s YOUR password so it’s YOUR fault that it's gone AWOL

Something for the Weekend, Sir? Dear Mr Dabbs. Thank you for your business. Please see invoice enclosed. This doesn’t bode well: I am not the sort of person who is able to make private purchases on account. As much as I’d love to swan into a shop, point at various things and drawl “Send them over, will you, darlings?” as I saunter off into a waiting limo, …
Alistair Dabbs, 23 May 2014

eBay says database leak dump offers are fake

Cybercrooks are offering to sell "stolen copies" of the leaked eBay database through an advert posted through Pastebin. However eBay says the sale is fake. "We have checked all published data and so far none are authentic eBay accounts," eBay's press office told El Reg. Security experts, although far from certain, seem …
John Leyden, 22 May 2014

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Confusion reigns over whether or not the 145 million "encrypted" user account passwords swiped from eBay can be practically cracked by crooks. A day has passed since the online tat bazaar admitted its customer database was hacked back in February, and the method of encryption is still not known. We do know what wasn't …
John Leyden, 22 May 2014

Biting the hand that feeds IT © 1998–2017