securityweek

Quoted on SecurityWeek.com over the 32,8 M Twitter accounts leaked

Source: http://www.securityweek.com/32-million-twitter-credentials-emerge-dark-web
Author: Ionut Arghire, Security Week

The cybercriminal behind the claimed Twitter leak is the same hacker who was previously attempting to sell stolen data from Myspace, Tumblr and VK user accounts, namely Tessa88@exploit.im. The Twitter credentials have already made it online on paid search engine for hacked data LeakedSource, which says it received a total of 32,888,300 records, each containing user’s email address, username, possibly a second email, and a password. [..]

What is yet unclear is how old the supposedly leaked data is, since LeakedSource doesn’t provide specific details on that, although they do suggest that some credentials might be only a couple of years old. Furthermore, IT Security expert Sorin Mustaca tells SecurityWeek that the manner in which these credentials were stolen isn’t that clear either.

“Interesting enough, Leakedsource writes that they have “very strong evidence that Twitter was not hacked”, rather the users got infected with some malware which stole credentials directly from the browsers of any account, not only Twitter’s,” Mustaca says. “However, there is no clear evidence presented that this is indeed the case. Their explanation for malware stealing credentials from browser is not entirely valid.”

Although malware that targets browsers to steal user…


Quoted in SecurityWeek.com on the Myspace.com leak

Ionut Arghire of SecurityWeek wrote a very good article about the potential breach of Myspace.com: 427 Million MySpace Passwords Appear For Sale, and I was quoted a lot! Thanks, Ionut!

I wrote more extensively about what I think of this leak: Myspace.com was apparently hacked, 360Mil accounts on sale and nobody knows any details. There are many things that aren’t right with this breach. Read the article above…

Another question, after reading the above article: how come that Troy Hunt didn’t get it? Maybe because it is only available for money?

The data hasn’t been tested at all and according to Troy’s article it is not valid data:

- No SQL dump
- Too many yahoo.com and hotmail.com email addresses:
  1. @yahoo.com: 126,053,325
  2. @hotmail.com: 79,747,231
  According to Troy, Gmail should be the top email provider these days (and also 3 years ago)
- Partial username, partial email address, partial password -> can it get worse than this?


Quoted in SecurityWeek.com about the eBay data breach

eBay, Security Experts Say Database Dump is Fake
By Eduard Kovacs on May 23, 2014

It’s uncertain who is behind the attack, but other cybercriminals and scammers are already trying to profit from the incident. Experts have reported seeing a higher number of PayPal and eBay phishing attacks (links to this blog), and a post on Pastebin was found offering to sell 145,312,663 eBay customer records for 1.453 Bitcoin (around $750).

“What I find very distressful is the fact that the breach occurred 2 months ago and they found out just two weeks ago,” IT security expert Sorin Mustaca told SecurityWeek.

As far as disclosing information about the incident, Mustaca noted, “eBay is very careful in what they disclose because they are afraid of being sued. And indeed, I’ve seen in the media that there are already some attempts to sue them over their practices in what the security of the network is concerned.”

