Dan Goodin reports: As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts. In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the…
Search Results for: credential stuffing
Arlo advises customers to change passwords after credential-stuffing attempts detected
May 26 notification posted to community.netgear.com. Here’s how it begins: Dear Arlo Customer: We have recently observed suspicious activity potentially impacting Arlo accounts. We take the privacy and security of your account and personal information very seriously and have initiated an investigation into the suspicious activity. From our initial investigation, it appears that attackers may…
Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
The FBI has issued a private industry notification about the sale of credentials and access to universities on dark web and clear net forums. They write, in part: The FBI has observed incidents of stolen higher education credential information posted on publicly accessible online forums or listed for sale on criminal marketplaces. The exposure of…
UK makes weak default passwords illegal
Three cheers for the U.K. on this one. Kevin Purdy reports: If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password “password.” In fact, you’re not supposed to have default passwords at all. A new version of the 2022 Product Security…
Hacker leaks millions of new 23andMe genetic data profiles
Lawrence Abrams reports: A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions. 23andMe told BleepingComputer…
Cybersecurity attack against Amazon-owned online pharmacy PillPack exposed user health data
Annie Burky reports: Amazon-owned PillPack reported a cybersecurity attack affecting the accounts of nearly 20,000 customers. An unauthorized person used customer emails and passwords to log into PillPack customer accounts, over 3,000 of which contained prescription information. Social Security numbers and payment information were not involved in the attack, according to the online pharmacy. Read…