Dan Goodin reports: Have I Been Pwned, the breach notification service that serves as a bellwether for the security of login credentials, has just gotten its hands on its biggest data haul ever—a list that includes almost 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party…
Search Results for: credential stuffing
UK’s ICO fines Uber £385,000 over data protection failings
The monetary penalties levied against ride-sharing giant Uber for covering up a 2016 breach continue to mount. From the ICO’s office: The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. A series of avoidable data security flaws allowed the personal details…
HSBC Bank notifies customers after hacking incident (updated)
On November 2, HSBC sent letters to an undisclosed number of customers concerning a breach of their accounts. A template of the letter was submitted to the California Attorney General’s Office. It states, in part: HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. When…
Thousands of Mega logins dumped online, exposing user files
Zack Whittaker reports: Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online, ZDNet has learned. The text file contains over 15,500 usernames, passwords, and files names, indicating that each account had been improperly accessed and file names scraped. Patrick Wardle, chief research officer and co-founder at Digita…
National Lottery hacked: 10.5m players are warned to change their passwords
Sean Poulter reports: The National Lottery is advising all 10.5million people with online accounts to change their passwords following a security breach ahead of tonight’s £14 million Euromillions draw. The move follows an attempt by hackers to access accounts using a technique known as ‘credential stuffing’. Read more on Daily Mail.
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…