
AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.

Critical npm Account Takeover Vulnerability Sold on Dark Web

 

A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337 claims this exploit can enable attackers to hijack npm accounts linked to specific employees within organizations. 

The method involves embedding undetectable backdoors into npm packages used by these employees, potentially compromising numerous devices upon updates. This exploit could have widespread implications for organizational security. Instead of sharing a proof of concept (PoC) publicly, Alderson1337 has invited interested buyers to contact him privately, aiming to maintain the exploit’s confidentiality and exclusivity. If executed successfully, this npm exploit could inject backdoors into npm packages, leading to extensive device compromise. 

However, npm has not yet issued an official statement, leaving the claims unverified. The incident primarily impacts npm Inc., with npmjs.com being the related website. While the potential repercussions are global, the specific industry impact remains undefined. Account takeover (ATO) vulnerabilities represent severe risks where cybercriminals gain unauthorized access to online accounts by exploiting stolen credentials. These credentials are often obtained through social engineering, data breaches, or phishing attacks. 

Once acquired, attackers use automated bots to test these credentials across various platforms, including travel, retail, finance, eCommerce, and social media sites. Users’ reluctance to update passwords and reusing them across different platforms increase the risk of credential stuffing and brute force attacks. Such practices allow attackers to access accounts, potentially leading to identity theft, financial fraud, or misuse of personal information. To mitigate ATO attack risks, experts recommend adopting strong password management practices, including using unique, complex passwords for each account and enabling two-factor authentication (2FA) wherever possible. Regular monitoring for unauthorized account activities and promptly responding to suspicious login attempts are also crucial for maintaining account security. 
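The monitoring step recommended above can be sketched as a small log check. This is an added example, not code from the original post or from npm: the log format, the thresholds and the function names are assumptions, and the sample lines are constructed. It separates credential stuffing (one source failing against many different accounts) from brute force (many failures against one account) and lists accounts that logged in successfully from a flagged source.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, hypothetical format:
# "<ISO timestamp> <source IP> <username> <OK|FAIL>"
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-07-01T09:00:01 198.51.100.7 alice FAIL
2024-07-01T09:00:02 198.51.100.7 bob FAIL
2024-07-01T09:00:03 198.51.100.7 carol FAIL
2024-07-01T09:00:04 198.51.100.7 dave OK
2024-07-01T09:00:05 198.51.100.7 erin FAIL
2024-07-01T09:00:06 198.51.100.7 frank FAIL
2024-07-01T09:01:00 203.0.113.9 alice FAIL
2024-07-01T09:01:05 203.0.113.9 alice FAIL
2024-07-01T09:01:10 203.0.113.9 alice FAIL
2024-07-01T09:01:15 203.0.113.9 alice FAIL
2024-07-01T09:01:20 203.0.113.9 alice FAIL
2024-07-01T09:05:00 192.0.2.44 grace FAIL
2024-07-01T09:05:20 192.0.2.44 grace OK
"""


def parse(log_text):
    """Yield (time, ip, user, success) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3] == "OK"


def analyze(log_text, window=timedelta(minutes=5), min_failures=5, min_users=5):
    """Classify each source IP by its failed-login pattern inside `window`.

    The thresholds are illustrative assumptions; tune them to real traffic.
    """
    by_ip = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_ip[event[1]].append(event)

    findings = {}
    for ip, events in by_ip.items():
        start, kind = 0, None
        for end, event in enumerate(events):
            # Slide the window start forward until it spans at most `window`.
            while event[0] - events[start][0] > window:
                start += 1
            failed_users = [e[2] for e in events[start:end + 1] if not e[3]]
            if len(failed_users) < min_failures:
                continue
            if len(set(failed_users)) >= min_users:
                kind = "credential_stuffing"  # many accounts, few tries each
                break
            kind = kind or "brute_force"      # many tries against few accounts
        if kind:
            # A success from a flagged source means a credential worked there.
            hits = sorted({e[2] for e in events if e[3]})
            findings[ip] = {"pattern": kind, "accounts_to_reset": hits}
    return findings


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, as in the last two sample lines, stays below the thresholds and is not reported.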

While Alderson1337’s claims await verification, this incident underscores the ongoing challenges posed by account takeover vulnerabilities in today’s interconnected digital landscape. Vigilance and collaboration across the cybersecurity community are essential to mitigating these threats and preserving the integrity of online platforms and services.

Posthumous Data Access: Can Google Assist with Deceased Loved Ones' Data?

 

Amidst the grief and emotional turmoil after losing a loved one, there are practical matters that need to be addressed, including accessing the digital assets and accounts of the deceased. In an increasingly digital world, navigating the complexities of posthumous data access can be daunting. One common question that arises in this context is whether Google can assist in accessing the data of a deceased loved one. 

Google, like many other tech companies, has implemented protocols and procedures to address the sensitive issue of posthumous data access. However, accessing the digital assets of a deceased individual is not a straightforward process and is subject to various legal and privacy considerations. 

When a Google user passes away, their account becomes inactive, and certain features may be disabled to protect their privacy. Google offers a tool called "Inactive Account Manager," which allows users to specify what should happen to their account in the event of prolonged inactivity or after their passing. Users can set up instructions for data deletion or designate trusted contacts who will be notified and granted access to specific account data. 

However, the effectiveness of Google's Inactive Account Manager depends on the deceased individual's proactive setup of the tool before their passing. If the tool was not configured or if the deceased did not designate trusted contacts, gaining access to their Google account and associated data becomes significantly more challenging. 

In such cases, accessing the data of a deceased loved one often requires legal authorization, such as a court order or a valid death certificate. Google takes user privacy and data security seriously and adheres to applicable laws and regulations governing data access and protection. Without proper legal documentation and authorization, Google cannot grant access to the account or its contents, even to family members or next of kin. 

Individuals need to plan ahead and consider their digital legacy when setting up their online accounts. This includes documenting login credentials, specifying preferences for posthumous data management, and communicating these wishes to trusted family members or legal representatives. By taking proactive steps to address posthumous data access, individuals can help alleviate the burden on their loved ones during an already challenging time. 

In addition to Google's Inactive Account Manager, there are third-party services and estate planning tools available to assist with digital asset management and posthumous data access. These services may offer features such as data encryption, secure storage of login credentials, and instructions for accessing online accounts in the event of death or incapacity. 

As technology continues to play an increasingly prominent role in our lives, the issue of posthumous data access will only become more relevant. It's crucial for individuals to educate themselves about their options for managing their digital assets and to take proactive steps to ensure that their wishes are carried out after their passing. 

While Google provides tools and resources to facilitate posthumous data management, accessing the data of a deceased loved one may require legal authorization and adherence to privacy regulations. Planning ahead and communicating preferences for digital asset management are essential steps in addressing this sensitive issue. By taking proactive measures, individuals can help ensure that their digital legacy is managed according to their wishes and alleviate the burden on their loved ones during a difficult time.

Gmail and Facebook Users Advised to Secure Their Accounts Immediately

 



In a recent report by Action Fraud, it has been disclosed that millions of Gmail and Facebook users are at risk of cyberattacks, with Brits losing a staggering £1.3 million to hackers. The data reveals that a concerning 22,530 individuals fell victim to account breaches in the past year alone.

According to Pauline Smith, Head of Action Fraud, the ubiquity of social media and email accounts makes everyone susceptible to fraudulent activities and cyberattacks. As technology advances, detecting fraud becomes increasingly challenging, emphasising the critical need for enhanced security measures.

The report highlights three primary methods exploited by hackers to compromise accounts: on-platform chain hacking, leaked passwords, and phishing. On-platform chain hacking involves cybercriminals seizing control of one account to infiltrate others. Additionally, leaked passwords from data breaches pose a significant threat to account security.

To safeguard against such threats, Action Fraud recommends adopting robust security practices. Firstly, users are advised to create strong and unique passwords for each of their email and social media accounts. One effective method suggested is combining three random words that hold personal significance, balancing memorability with security.

Moreover, implementing 2-Step Verification (2SV) adds an extra layer of protection to accounts. With 2SV, users are prompted to provide additional verification, such as a code sent to their phone, when logging in from a new device or making significant changes to account settings. This additional step fortifies account security, mitigating the risk of unauthorised access even if passwords are compromised.

Recognizing the signs of phishing scams is also crucial in preventing account breaches. Users should remain vigilant for indicators such as spelling errors, urgent requests for information, and suspicious inquiries. By staying informed and cautious, individuals can reduce their vulnerability to cyber threats.

In response to the escalating concerns, tech giants like Google have implemented measures to enhance password security. Features such as password security alerts notify users of compromised, weak, or reused passwords, empowering them to take proactive steps to safeguard their accounts.

The prevalence of online account breaches demands that users stay on their toes when it comes to online security. By adopting best practices such as creating strong passwords, enabling 2-Step Verification, and recognizing phishing attempts, users can safeguard their personal information and financial assets from malicious actors.



Locking Down ChatGPT: A User's Guide to Strengthening Account Security

 



OpenAI officials said that the user who reported the issue with his ChatGPT history was the victim of a compromised ChatGPT account, which resulted in the unauthorized logins. According to an OpenAI representative, the unauthorized logins originated from Sri Lanka. According to the user, he logged into his ChatGPT account from Brooklyn. 

In the leaked private conversation, the employee appeared to be troubleshooting an app; the name of the app and the location where the problem occurred were also listed. According to a report by Ars Technica, private conversations on ChatGPT were leaked. 

Among the details leaked are login credentials and other personal information of unrelated users. The report also provided screenshots submitted by the alleged hacker of the account. Several screenshots have been shared, including several pairs of passwords and usernames that appeared to be related to a support system that is used by pharmacy employees to assist with prescription drug ordering. 

Any personal data you share in your chat history can be accessed by hackers if your OpenAI account is hacked. Even though this makes perfect sense, it is very strange that you can gain access to information from other compromised accounts, especially in the context of security threats. 

When using OpenAI, you need to make sure you use a strong password to secure your ChatGPT history as it does not provide multi-factor authentication. To ensure that your OpenAI account is secure, you will need to follow basic security measures similar to those that you would take with any other online account. 

Almost nobody wants to memorize a long passphrase that includes letters, numbers, symbols, and mixed case, not to mention a different passphrase for every account. This is why there are password managers out there. 

It is important to note that if you do not use the built-in password manager on your phone, laptop or browser, you will want to visit the Best Password Managers page for help in choosing the best password manager for your situation. If you suspect any account may have been compromised, you should change your password immediately to a long, unique passphrase. 

The user, Chase Whiteside, has since changed his password but is not convinced that his account has been compromised. According to him, he used a nine-character password that included upper-case and lower-case letters as well as special characters, and he said he didn't use it anywhere else but for his Microsoft account. 

When he briefly stopped using his account on Monday morning, the chat histories of other people appeared all at once. Hence, OpenAI's explanation suggests the initial suspicion that ChatGPT leaks chat histories to unrelated users may not be accurate. 

Despite these shortcomings, the report notes that the website does not contain an option for users such as Whiteside to protect their accounts using two-factor authentication or track details such as the IP address of their current and recent logins - both of which have been standard across most major platforms for some time. 

According to a November paper published in the journal Science, researchers showed how queries were used to prompt ChatGPT into divulging information that was contained within the material that was used to train the ChatGPT large language model, such as email addresses, phone numbers, fax numbers, and physical addresses. 

Several companies, including Apple, have restricted the use of ChatGPT and similar services by their employees for fear of sophisticated or proprietary data leaks among employees. There are a number of reasons for this restriction.

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Despite Payoneer's SMS-based 2FA and password recovery process, which relies solely on SMS codes, users argue that the platform should not have had access to later OTP codes required for transactions if the attack was purely phishing-based.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.

Discord.io Acknowledges Data Breach: Hacker Exposes Information of 760K Users

 

The Discord.io custom invitation service has temporarily ceased its operations due to a data breach that has exposed the personal details of approximately 760,000 members.

Discord.io, while not an official Discord platform, functions as a third-party service that enables server owners to generate custom invitations for their channels. The community largely revolves around the service's Discord server, boasting a membership of over 14,000 users.

According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information:

"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"

The breach has exposed sensitive information, including usernames, email addresses, a small number of billing addresses, salted and hashed passwords (in a limited number of cases), and Discord IDs. The disclosure of Discord IDs, while not deemed private, raises concerns about the potential linkage of Discord accounts to specific email addresses.

Following initial reporting by StackDiary, Discord.io has acknowledged the breach's legitimacy through notifications on its Discord server and website. Consequently, the service has taken the decision to temporarily suspend its operations.

A statement on the Discord server of the service conveys, "Discord.io has fallen victim to a data breach. We are halting all activities indefinitely." More information is available on their designated "#breach-notification" channel, and an identical message is slated for an upcoming update to the website.

Discord.io's website outlines a sequence of events that led to their discovery of the breach subsequent to a post on a hacking forum. The veracity of the leaked data was swiftly confirmed, prompting the temporary shutdown of services and the discontinuation of all paid memberships.

Discord.io maintains that it has not received any communication from the responsible party behind the breach, nor has it disclosed details regarding the method of infiltration.

In a conversation with the seller of the Discord.io database, identified as Akhirah, BleepingComputer verified that the Discord.io operators have not engaged in dialogue with them. Akhirah emphasized that their motivations extend beyond financial gain. 

They assert concerns about Discord.io's alleged associations with illicit and harmful content, emphasizing a desire for the removal of such content in lieu of selling or releasing the pilfered database.

The Discord.io platform functions as a directory facilitating searches for Discord servers aligned with specific interests, providing access via invitations that sometimes require the site's virtual currency, Discord.io Coins. The site's terms of use allocate responsibility for content to its members, although the operators retain the right to eliminate any content deemed illegal or violative of guidelines.

Archived versions of the site display a range of Discord servers catering to diverse interests, encompassing areas like anime, gaming, and adult content. Akhirah underscored concerns over the sale of the database, not solely for financial purposes, but due to the platform's purported links to objectionable and illegal materials.

The hacker also indicated that while significant interest surrounds the database, the majority emanates from individuals seeking to exploit it for purposes such as doxing adversaries. Akhirah expressed a preference for the Discord.io operators to address the alleged offensive material's removal from the site as a condition for not disseminating the stolen database.

Discord.io members are advised to exercise caution, as the hacker affirms that the database has not been sold; however, members should remain vigilant against potential misuse of their data. The passwords compromised in the breach are hashed using bcrypt, which is computationally intensive and resistant to rapid cracking. Nevertheless, the leaked email addresses could be exploited for targeted phishing endeavors, facilitating the theft of further confidential information.

Therefore, individuals associated with Discord.io should remain alert to unsolicited emails containing links to websites soliciting passwords or additional personal details. For updates pertaining to the breach, the primary website should be monitored, as it is expected to provide guidance on potential password resets and communications from the service.