Farewell Lastpass, We don't need more data breach

You’ve heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service’s 25.6 million users, though, the company made a worrying announcement last week: A security incident the firm previously reported on November 30 was actually a massive and concerning data breach that exposed encrypted password vaults—the crown jewels of any password manager—along with other user data....

December 29, 2022 · 2 min · 369 words

Evernote is suspect of a hack, change your password

Cross-posted from Evernote blog: Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions. In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost....

March 2, 2013 · 2 min · 415 words

Cloud service cracks VPN passwords in 24 hours

h-online: At the Black Hat hacker conference in Las Vegas, encryption expert Moxie Marlinspike promised that his CloudCracker web service was able to crack any VPN or WiFi connection secured using MS-CHAPv2 within 24 hours. The cost? Around $200. MS-CHAPv2 is based on the eminently crackable encryption algorithm DES. The problem was first documented in 1999 by Bruce Schneier working with two other researchers. A large number of processor cores are still required to crack the encryption within a reasonable time – the number of possible keys makes trying to perform a brute force attack on a normal PC a hopeless task....

July 31, 2012 · 2 min · 293 words

Password leak at meetOne

h-online: A data leak at the meetOne dating site allowed anyone to access private data including the plaintext passwords, email addresses and real names of the site’s approximately 900,000 members. To obtain the data, an attacker simply needed to increment a URL parameter. After they were informed by The H’s associates at heise Security, the operators soon closed the hole. When news of a data leak in one of the dating portal’s custom APIs was disclosed to heise Security, the editors managed to reproduce the problem and access the data of a specially created test profile....

July 26, 2012 · 2 min · 364 words

11 million passwords leaked from online gaming platform

h-Online: A file with 11 million password hashes belonging to users of the online games platform Gamigo has been circulated on the internet. According to an analysis by ZDNet, 8.2 million different email addresses are also part of the 478MB file. Around 3 million of these belong to users from the US, 2.4 million are German addresses and 1.3 million are supposed to originate in France. The list also includes corporate email addresses from companies such as IBM, Siemens, Deutsche Bank and the German insurance company Allianz....

July 24, 2012 · 2 min · 323 words

Millions of Last.fm passwords leaked

The H-Online: A list with several million passwords belonging to users of the music community site Last.fm has been posted on the internet. The site owners have posted a statement saying that the company is investigating the leak and that all users of the service should change their passwords immediately. This is the third major compromise of a popular web site’s passwords in as many days. The H’s associates at heise Security are in possession of a list containing approximately 2....

June 9, 2012 · 1 min · 212 words

LinkedIn passwords in circulation

H-Online: Internet forums are currently circulating a list containing over six million password hashes which allegedly originate from LinkedIn. The passwords are being cracked collaboratively with about 300,000 passwords already published as plaintext. The list contains pure SHA1 hashes with no name or email addresses. If decrypted, the passwords will not easily give access to an appropriate account. However, it is probable that the person who captured the hashes also has the corresponding email addresses....

June 6, 2012 · 2 min · 303 words

Digital Playground porn passwords exposed by hackers

SophosLabs: A group of hackers are claiming to have stolen the details of more than 70,000 users of the Digital Playground porn website. The group, calling itself “The Consortium”, appears to have scooped up some 40,000 financial details (including credit card numbers, names, CCV numbers, and expiration dates) as well as the email addresses and passwords of 72,000 users. According to the hackers, who appear to be affiliated with the Anonymous movement, the sensitive information was not encrypted....

March 13, 2012 · 3 min · 437 words

YouPorn passwords available for download, thousands of users exposed [Updated]

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. According to security blogger Anders Nilsson, the credentials of well over a million YouPorn users were publicly accessible....

February 23, 2012 · 2 min · 383 words

Chrome may get a password generator

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in and OpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation....

February 21, 2012 · 2 min · 281 words