
The Ghost of the Old Breach



A number of old data breaches have been uncovered in 2016: the former online services behemoths Myspace and Yahoo; the business-oriented social media site LinkedIn; and the popular blogging site Tumblr have all been exposed this calendar year.

Yahoo is the latest online services company to have its past brought to the fore with the news of its 2014 mega-breach. Yahoo now has the unenviable title of having suffered the largest ever data breach with at least 500 million Yahoo accounts compromised.

Tumblr’s breach dates back to 2013, involving 68 million user credentials, significantly more than the 6.5 million that Tumblr claimed at the time.
https://yahoo-security.tumblr.com/post/144263220905/staff-we-recently-learned-that-a-third-party

Myspace’s breach involved over 360 million user credentials (on sale by hackers for 6 BTC), making it one of the largest of all time (by user number).
http://www.businesswire.com/news/home/20160531005770/en/Time-Confirms-Breach-Myspace

LinkedIn took four years to reset passwords that were leaked in 2012 and this was only after it became known that the data was being sold on the Dark Web.
https://blog.linkedin.com/2016/05/18/protecting-our-members

“We have invalidated the passwords of all accounts that were created prior to the 2012 breach that hadn’t updated their password since then, and that is, as we reported, more than 100 million people,” a LinkedIn spokesperson
http://motherboard.vice.com/read/linkedin-finally-finished-resetting-all-the-passwords-leaked-in-2012

All of this on top of the fact that PayPal enriches criminals by paying for stolen user data.
http://www.sfchronicle.com/business/article/PayPal-others-buy-stolen-data-from-criminals-to-6744699.php

The recent revelations prompted Reddit to take precautionary measures and reset over 100,000 user passwords. The author of the blog post cited the increase in the number of password dumps as the reason behind the decision.
https://www.reddit.com/r/announcements/comments/4l60nc/reddit_account_security_and_you/

The old password dumps are proving useful to criminals because the average user is typically reluctant to change their password to something stronger. LinkedIn has been criticized for allowing users to reuse their old, leaked password as the new password.
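The two server-side checks this implies, shown as an added example rather than any of these companies' code: flag accounts whose password predates a breach (the invalidation LinkedIn describes above), and refuse a reset that reuses the old password or one already in a dump. The record layout, the breach date, the dump contents and the PBKDF2 work factor are all assumptions made for the sketch.

```python
import hashlib
import hmac
import os
from datetime import date
from typing import Optional

ITERATIONS = 200_000              # assumed PBKDF2 work factor
BREACH_DATE = date(2012, 6, 1)    # constructed date standing in for "the 2012 breach"
# Constructed dump: SHA-1 hex digests of passwords assumed to be circulating.
DUMP_SHA1 = {hashlib.sha1(p).hexdigest() for p in (b"linkedin2011", b"password1")}

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(user: str, password: str, changed: date) -> dict:
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": derive(password, salt), "changed": changed}

def needs_forced_reset(record: dict, breach_date: date = BREACH_DATE) -> bool:
    """True when the stored password predates the breach and was never changed since."""
    return record["changed"] <= breach_date

def reject_reason(record: dict, new_password: str, dump: set = DUMP_SHA1) -> Optional[str]:
    """Say why a proposed password is refused, or return None if it is acceptable."""
    # Reuse of the password being replaced: re-derive with the stored salt.
    if hmac.compare_digest(derive(new_password, record["salt"]), record["hash"]):
        return "same as the password being replaced"
    # Already present in a known dump, whoever it originally belonged to.
    if hashlib.sha1(new_password.encode()).hexdigest() in dump:
        return "appears in a known password dump"
    return None

def reset_password(record: dict, new_password: str, today: date) -> Optional[str]:
    """Apply the reset only if the new password passes both checks."""
    reason = reject_reason(record, new_password)
    if reason is None:
        salt = os.urandom(16)
        record.update(salt=salt, hash=derive(new_password, salt), changed=today)
    return reason

if __name__ == "__main__":
    alice = make_record("alice", "linkedin2011", date(2011, 3, 1))  # constructed account
    print("forced reset needed:", needs_forced_reset(alice))
    for candidate in ("linkedin2011", "password1", "vivid-canyon-plaster-94"):
        print(repr(candidate), "->", reset_password(alice, candidate, date(2016, 9, 30)))
    print("forced reset needed:", needs_forced_reset(alice))
```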

Users are reminded to make use of two-factor authentication when possible and to utilize a good password manager, one with a strong password generator. Even better if said password manager is offline, such as KeePass.
Suggested reading:
How to use Keepass.

About Afritechnet
