NationalPublicData.com Hack Exposes a Nation’s Data

Credit to Author: BrianKrebs| Date: Thu, 15 Aug 2024 22:38:36 +0000

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.

Read more

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Credit to Author: BrianKrebs| Date: Fri, 22 Mar 2024 19:02:41 +0000

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Read more

The Security Pros and Cons of Using Email Aliases

Credit to Author: BrianKrebs| Date: Wed, 10 Aug 2022 15:10:59 +0000

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website.

Read more

773M Password ‘Megabreach’ is Years Old

Credit to Author: BrianKrebs| Date: Thu, 17 Jan 2019 20:11:08 +0000

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

Read more

A Breach, or Just a Forced Password Reset?

Credit to Author: BrianKrebs| Date: Tue, 04 Dec 2018 21:45:51 +0000

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward.

Read more

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com

Credit to Author: BrianKrebs| Date: Mon, 15 Jan 2018 16:44:47 +0000

Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.

Read more

Hacked Password Service Leakbase Goes Dark

Credit to Author: BrianKrebs| Date: Mon, 04 Dec 2017 05:39:53 +0000

Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.

Read more

Who Ran Leakedsource.com?

Credit to Author: BrianKrebs| Date: Wed, 15 Feb 2017 18:03:06 +0000

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.

Read more