
Latest news with #darkWeb

16 Billion Apple, Facebook And Google Passwords Leaked — Change Yours Now

Forbes

18-06-2025


[Image: The biggest password leak in history confirmed. Credit: Getty]

If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredible 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here's what you need to know and do.

Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technology-centric world we live in. It's why Google is telling billions of users to replace their passwords with much more secure passkeys. It's why the FBI is warning people not to click on links in SMS messages. It's why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very small amount of cash required to purchase them. And it's why this latest revelation is, frankly, so darn concerning for everyone.

According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, '30 exposed datasets containing from tens of millions to over 3.5 billion records each,' have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit. These collections of login credentials, these databases stuffed full of compromised passwords, comprise what is thought to be the largest such leak in history.

The 16 billion strong leak, housed in a number of supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors. Remarkably, I am told that none of these datasets have been reported as leaked previously; this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception.

'This is not just a leak – it's a blueprint for mass exploitation,' the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. 'These aren't just old breaches being recycled,' they warned, 'this is fresh, weaponizable intelligence at scale.' Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, opens the door to 'pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.'

Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. 'Organisations need to do their part in protecting users,' Javvad Malik, lead security awareness advocate at KnowBe4, said, 'and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi-factor authentication wherever possible.'

To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously; don't wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.

19 Billion Stolen Passwords For Sale Online — New Warnings Issued

Forbes

17-05-2025


Billions of stolen passwords are now available online.

I recently reported how an incredible 19 billion stolen passwords had been found to have been published on the dark web and criminal marketplaces online. That article went viral in a way I never expected, but that's a good thing considering what has emerged since. Two new warnings have been issued, which are of particular importance given the ongoing reports of compromised passwords and how they are being used in cyberattacks. Take heed of these warnings now and ensure you are not the next victim.

Although you might think you are on top of the whole password construction and usage thing, the chances are that is not actually the case for far too many people. I mean, after all, when one new report reveals that there were 2.9 billion unique yet compromised passwords available on dark web forums and Telegram channels across 2024, you have to wonder whose passwords you are using. If you don't follow strictly random processes for creating long and strong passwords, such as employing a password manager to generate them for you every time, along with secure management practices to prevent reuse (did I mention password managers already?), then you are likely part of the problem, my friend.

The 2025 password table, published by Hive Systems, brings real-world insight into how quickly your password can be cracked. I should, at this point, say that I'm not a huge fan of the 'how long does it take to crack a password' approach to credentials security, not least as the propensity of infostealer malware rather makes that irrelevant, but it serves a purpose to illustrate password construction hygiene anyway. The newly published password table report, authored by Corey Neskey, vice president of quantitative risk at Hive Systems, focuses on a hacker using a black box process starting from scratch to crack an unknown hash. But Neskey acknowledged that 'if your password was part of another breach or uses dictionary words, then your password table looks like this,' the this being a table with just the word 'instantly' repeated over and over.

Marcus White is a cybersecurity specialist at Specops who specializes in authentication, password security, password management, and compliance. He is, without any shadow of a doubt, a password expert. A May 13 report authored by White goes into some detail about the passwords that hackers are using to specifically attack file transfer protocol ports. While this might seem rather niche, it's nothing of the sort. FTP is one of those things that hackers like to attack, often using brute force, because it's usually an easy route into your network. Indeed, the Specops research team has been analysing the last 30 days of FTP port attacks against live networks to determine the most common passwords used by the threat actors concerned. 'Knowing the tactics real-world attackers are using,' White explained, 'can help you shape your organization's password policy and defend against brute-force attacks.'

Importantly, brute-force attacks will use known passwords and username combinations until access is achieved. Can you guess where a lot of these credentials come from? Bingo! Those infostealer logs. As cybersecurity expert at threat exposure platform NordStellar, Vakaris Noreika, told me, the threat from infostealer malware is far greater than most people imagine. It's not just the fact that so many passwords, and other credentials such as session cookies to bypass two-factor authentication protections, are being stolen, but also the ease of access that cybercriminals have to them. 'Dark web users can purchase stealer logs by subscribing to a private channel,' Noreika said, referring to Telegram channels where such access to millions of compromised passwords can be had for as little as $81.

So, how do you solve a problem like stolen passwords at scale? You are probably not going to like this much, but that answer is an obvious one: stop using the darn things. Why risk your carefully constructed, seemingly strong password when you can just use a much more secure and infinitely harder to compromise passkey? If you can't yet use a passkey for any service, then please, don't reuse your passwords.

Should You Change Your Password After the Steam Leak? This Cybersecurity Expert Says Yes

CNET

16-05-2025


If your phone number was one of the 89 million exposed in the recent data breach that affected Steam, the company says your info is safe.

In a statement shared with CNET, Steam has denied that a reported data breach endangered its users' personal information. "Old text messages cannot be used to breach the security of your Steam account," the statement said. "Whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages." The company also said the breach was not of a Steam system, and that you don't need to change your password because of it.

According to Steam, the leaked info can't be tied with Steam accounts, passwords or payment information. However, your phone number is still personal identifying information and can give scammers more ammunition for targeted phishing campaigns. Changing your password is an easy step to take to shore up your account's defenses. Here are some additional ways to protect your account.

What was leaked?

First reported by Underdark, a cybersecurity company, on LinkedIn, the information for 89 million Steam accounts popped up for sale on the dark web. Steam denies the leak originated from any of its systems, and the origin of the breach remains unconfirmed. The data allegedly includes users' one-time passwords and phone numbers. The threat actor says it's auctioning off this information for $5,000.

Should you be worried about your phone number being leaked?

"Not so long ago, an exposed phone number was not even considered a breach because most of us shared them publicly anyway," Neal O'Farrell, cybersecurity fraud expert and CNET expert review board member, said. "But now a phone number is so closely connected to our identity -- try accessing your bank account without it -- it's become a major target for criminals."

Steam said that users don't need to update their passwords, which CNET recommended in a previous version of this story. But the company did recommend regularly checking your Steam account security. However, whenever you're worried about a security breach, changing your password is a smart move. If you have a Steam account, it doesn't hurt to change your password now to keep your game library -- and financial information -- secure.

How to protect your Steam account

Even if it may not be necessary, it doesn't hurt for Steam account holders to change their passwords. At the very least, this will help secure your account. If you want to take it a step further, you can use a password manager to create complex passwords and store them for you.

Steam also recommended setting up the Steam Mobile Authenticator, which enables two-factor authentication with your phone number and email. 2FA is an easy step that will make it much more difficult for unauthorized users to access your account. Steam doesn't support the use of hardware security keys, which can offer another level of protection, so its in-house 2FA is going to be your best bet to protect your account. If you already have 2FA enabled, be sure to check your email for any suspicious activity linked to your Steam account.

Here's how to change your Steam password:

  • Open your Steam client
  • At the top left corner, click on Steam and choose "Settings"
  • Click on "Security" to make sure you have 2FA enabled. Add your email/phone number if you haven't already.
  • Choose "Change Password" at the top
  • Set a strong password using symbols, capital and lower-case letters, numbers, and make it as long as you can.

If you've recently received any one-time password text messages that you did not request, ignore them and change your password again. In the coming weeks, keep an eye out for any phishing attempts disguised as game product offers or other Steam-related content.

"Apart from changing all passwords, even if the company says there's no need, you do need to be on constant guard for phishing emails, texts, and calls connected to this breach or not," O'Farrell said. "And if your phone provider allows, activate SIM protection to prevent thieves from switching your number."
