Daily Archives: June 10, 2016

Hacker puts up 167 Million LinkedIn Passwords for Sale

Posted on June 10, 2016 | Leave a comment

LinkedIn

LinkedIn’s 2012 data breach was much worse than anybody first thought.

In 2012, LinkedIn suffered a massive data breach in which more than 6 Million users accounts login details, including encrypted passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

Latest reports emerged that the 2012’s LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users.

Almost after 4 years, a hacker under the nickname “Peace” is offering for sale what he/she claims to be the database of 167 Million emails and hashed passwords, which included 117 Million already cracked passwords, belonging to LinkedIn users.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace “The Real Deal” for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming these logins come from the 2012 data breach.

Since the passwords have been initially encrypted with the SHA1 algorithm, with “no salt,” it just took ‘LeakedSource‘, the paid search engine for hacked data, 72 hours to crack roughly 90% of the passwords.

Troy Hunt, an independent researcher who operates “Have I Been Pwned?” site, reached out to a number of the victims who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident proved that LinkedIn stored your passwords in an insecure way and that the company did not make it known exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson informs that the company is investigating the matter.

In 2015, Linkedin also agreed to settle a class-action lawsuit over 2012’s security breach by paying a total of $1.25 million to victims in the U.S, means $50 to each of them.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, now new reports suggest that a total 167 Million LinkedIn accounts were breached, instead of just 6 million.

Assuming, if at least 30% of hacked LinkedIn Accounts belongs to Americans, then the company has to pay more than $15 Million.

Meanwhile, I recommend you to change your passwords (and keep a longer and stronger one this time) and enable two-factor authentication for your LinkedIn accounts as soon as possible. Also, do the same for other online accounts if you are using same passwords on multiple sites.

Do you see a pattern here?  Social media is getting hit hard so as I said above and many times before, change your passwords frequently and make then stronger !!!

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Public Cloud

Tagged ,

Hacker Selling 65 Million Passwords From Tumblr Data Breach

Posted on June 10, 2016 | Leave a comment

tumbler

Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo.

At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned.

“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” read Tumblr’s blog.

A Hacker, who is going by “peace_of_mind,” is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal.

The compromised data includes 65,469,298 unique e-mail addresses and “salted & hashed passwords.”

The Same hacker is also selling the compromised login account data from Fling, LinkedIn, and MySpace. I wonder if he has more data sets yet to sell…

Salt makes passwords hard to crack, but you should still probably change it.

 

 

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Public Cloud

Tagged ,

427 Million Myspace Passwords leaked in major Security Breach

Posted on June 10, 2016 | Leave a comment

My Space

MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised.

You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was once-popular social media website.

On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum.

The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts.

“We believe the data breach is attributed to Russian Cyberhacker ‘Peace’,” Myspace wrote in a blog post. “Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk.”

Like LinkedIn, the stolen Myspace passwords were also stored in SHA1 with no “salting.” Salting is a process that makes passwords much harder to crack.

Myspace said it has taken “significant steps” to strengthen its users’ account security since the data breach in 2013 and now the company uses double-salted hashes to store passwords.

I strongly advise users who tend to reuse the same passwords between sites to set new passwords on those websites immediately.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Public Cloud

Tagged ,

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Posted on June 10, 2016 | Leave a comment

Twitter copy

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that “these usernames and credentials were not obtained by a Twitter data breach” – their “systems have not been breached,” but LeakedSource believed that the data leak was the result of malware.

“Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” LeakedSource wrote in its blog post.

But, do you remember how Facebook CEO Mark Zuckerberg Twitter account was compromised?

The hackers obtained Zuck’s account credentials from the recent LinkedIn data breach, then broke his SHA1-hashed password string, tried on his several social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest account.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remain that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Public Cloud

Tagged ,