Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Account security. Show all posts
Password Security
Account security Account Takeover Compromised Passwords Credential stealing Cyber Security Cyberattacks data security Password Security

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025

 

As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials. 

The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed. 

Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem. 

The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts. 

This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens. 

For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers. 

These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts. 

Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential. 

As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.
Read more »
Ransomware
Account security British transport Data Breach MFA Passwords Ransomware

When Weak Passwords Open The Door: Major Breaches That Began With Simple Logins

 



Cybersecurity incidents are often associated with sophisticated exploits, but many of the most damaging breaches across public institutions, private companies and individual accounts have originated from something far more basic: predictable passwords and neglected account controls. A review of several high-profile cases shows how easily attackers can bypass defences when organisations rely on outdated credentials, skip essential updates or fail to enforce multi-factor authentication.

One example resurfaced when an older assessment revealed that the server used to manage surveillance cameras at a prominent European museum operated with a password identical to the institution’s name. The report, which stresses on configuration weaknesses and poor access safeguards, has drawn renewed attention following recent thefts from the museum’s collection. The outdated credential underlined how critical systems often remain vulnerable because maintenance and password policies fall behind operational needs.

A similar pattern was seen in May 2021 when a major fuel pipeline in the United States halted operations after attackers used a compromised login associated with an inactive remote-access account. The credential was not protected by secondary verification, allowing the intruders to infiltrate the network. The temporary shutdown triggered widespread disruption, and the operator ultimately paid a substantial ransom before systems could be restored. Investigators later recovered part of the payment, but the event demonstrated how a single unsecured account can affect national infrastructure.

In the corporate sector, a British transport company with more than a century of operations collapsed after a ransomware group accessed its internal environment by correctly guessing an employee’s password. Once inside, the attackers encrypted operational data and locked critical systems, demanding a ransom the firm could not pay. With its files unrecoverable, the company ceased trading and hundreds of employees lost their jobs. The case illustrated how small oversights in password hygiene can destabilise even long-established businesses.

Weak or unchanged default codes have also enabled intrusions into personal communications. Years-long investigations into unlawful phone-hacking in the United Kingdom revealed that some voicemail systems were protected by factory-set PINs or extremely simple numerical combinations. These lax protections enabled unauthorized access to private messages belonging to public figures, eventually triggering criminal proceedings, regulatory inquiries and the shutdown of a national newspaper.

Historical oversight is not limited to consumer systems. Former personnel who worked with early nuclear command procedures in the United States have described past practices in which launch mechanisms relied on extremely simple numeric sequences. Although additional procedural safeguards existed, later reforms strengthened the technical requirements to ensure that no single point of failure or simplistic code could enable unauthorized action.

More recently, a national elections authority in the United Kingdom was reprimanded after attackers accessed servers containing voter registration data between 2021 and 2022. Regulators found that essential patches had not been applied and that many internal accounts continued to use passwords similar to those originally assigned at setup. By impersonating legitimate users, intruders were able to penetrate the system, though no evidence indicated that the data was subsequently misused.

These incidents reinforce a consistent conclusion. Passwords remain central to digital security, and organisations that fail to enforce strong credential policies, update software and enable multi-factor authentication expose themselves to avoidable breaches. Even basic improvements in password complexity and account management can prevent the kinds of failures that have repeatedly resulted in financial losses, service outages and large-scale investigations.


Read more »
Phishing Scams
account protection Account security Amazon Customer Data Cyber Attacks Cyberscams Cybertheft data security Data Theft Login Login Security Passkey Passkey Security Phishing Scams

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.
Read more »
Password Security
2FA 2FA security Account security Bug Fixes Coinbase Cyber Security online account protection Password Security

Coinbase Fixes Account Log Bug That Mistakenly Triggered 2FA Breach Alerts

 

Coinbase has resolved a logging issue in its system that led users to wrongly believe their accounts had been compromised, after failed login attempts were mistakenly labeled as two-factor authentication (2FA) failures. As first uncovered by BleepingComputer, the bug caused the platform to misreport login errors. Specifically, attempts made with incorrect passwords were incorrectly shown in the user activity log as “second_factor_failure” or “2-step verification failed.” 

This mislabeling gave the false impression that an attacker had entered the correct password but was blocked at the 2FA stage, which naturally raised alarm among Coinbase users. Several customers reached out to BleepingComputer, expressing concern that their accounts might have been breached. Many reported using unique passwords exclusively for Coinbase, found no signs of malware on their devices, and noticed no other suspicious account activity—adding to their confusion. Coinbase later confirmed the issue, clarifying that attackers had never made it past the password stage. 

The system had mistakenly classified these failed attempts as 2FA errors, even though the second authentication factor was never triggered. To correct the confusion, Coinbase issued an update that now properly logs such attempts as “Password attempt failed” in the account activity logs, removing any misleading implication of a 2FA failure. Such inaccuracies, while seemingly minor, can trigger unnecessary panic. Some affected users reset all their passwords and spent hours scanning their systems for threats—precautions prompted solely by the misleading logs. 

Security experts also warn that errors like this can become tools for social engineering. Misleading logs could be exploited by attackers to trick users into thinking their credentials had been stolen, potentially coercing them into revealing more information or clicking malicious links. Coinbase customers are frequently targeted in phishing and social engineering campaigns. These attacks often involve SMS messages or spoofed phone calls designed to trick victims into giving up 2FA tokens or login details.  

While there is no confirmed case of the mislabeled logs being used in such scams, BleepingComputer noted that some users had reported it. Regardless, Coinbase reiterated that it never contacts customers via phone or text to request password changes or 2FA resets. Any such communication should be treated as a scam attempt.
Read more »
Social Media
Account security Cyber Security Cyber Security and Privacy Data Privacy Digital Footprint Online Privacy Social Media

Practical Tips to Avoid Oversharing and Protect Your Online Privacy

 

In today’s digital age, the line between public and private life often blurs. Social media enables us to share moments, connect, and express ourselves. However, oversharing online—whether through impulsive posts or lax privacy settings—can pose serious risks to your security, privacy, and relationships. 

Oversharing involves sharing excessive personal information, such as travel plans, daily routines, or even seemingly harmless details like pet names or childhood memories. Cybercriminals can exploit this information to answer security questions, track your movements, or even plan crimes like burglary. 

Additionally, posts assumed private can be screenshotted, shared, or retrieved long after deletion, making them a permanent part of your digital footprint. Beyond personal risks, oversharing also contributes to a growing culture of surveillance. Companies collect your data to build profiles for targeted ads, eroding your control over your personal information. 

The first step in safeguarding your online privacy is understanding your audience. Limit your posts to trusted friends or specific groups using privacy tools on social media platforms. Share updates after events rather than in real-time to protect your location. Regularly review and update your account privacy settings, as platforms often change their default configurations. 

Set your profiles to private, accept connection requests only from trusted individuals, and think twice before sharing. Ask yourself if the information is something you would be comfortable sharing with strangers, employers, or cybercriminals. Avoid linking unnecessary accounts, as this creates vulnerabilities if one is compromised. 

Carefully review the permissions you grant to apps or games, and disconnect those you no longer use. For extra security, enable two-factor authentication and use strong, unique passwords for each account. Oversharing isn’t limited to social media posts; apps and devices also collect data. Disable unnecessary location tracking, avoid geotagging posts, and scrub metadata from photos and videos before sharing. Be mindful of background details in images, such as visible addresses or documents. 

Set up alerts to monitor your name or personal details online, and periodically search for yourself to identify potential risks. Children and teens are especially vulnerable to the risks of oversharing. Teach them about privacy settings, the permanence of posts, and safe sharing habits. Simple exercises, like the “Granny Test,” can encourage thoughtful posting. 

Reducing online activity and spending more time offline can help minimize oversharing while fostering stronger in-person connections. By staying vigilant and following these tips, you can enjoy the benefits of social media while keeping your personal information safe.
Read more »
Password Security
Account security blocking unauthorized access Customer Data Cyber Security Data Safety User Data Password Security

Zello Urges Password Resets Amid Potential Security Incident

 

Zello, a widely used push-to-talk mobile service with over 140 million users, has advised customers to reset their passwords if their accounts were created before November 2, 2024. This precautionary measure follows what appears to be a new security concern, though the exact nature of the issue remains unclear. Zello's actions suggest possible unauthorized access to user accounts. 
 

Zello’s Advisory and User Notification 

 
Starting November 15, 2024, users began receiving notifications from Zello recommending password changes. The notification stated: > 

“As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password.” 
 
The notification also provided a link to a support page with instructions on how to reset passwords through the Zello app. 

Potential Causes: Data Breach or Credential Stuffing? 

 
While Zello has yet to provide further clarification, the lack of detailed communication has raised concerns among users. Efforts by media outlets to obtain a response from the company have been unsuccessful. 
 

The timing and scope of the notice suggest two possibilities: 

 
1. A Data Breach – Unauthorized access to Zello’s systems, potentially compromising user data. 
2. Credential Stuffing – A cyberattack method where attackers use stolen login credentials from other platforms to gain access to Zello accounts. 
 
Notably, the advisory affects only accounts created before November 2, 2024, indicating that the security event may have occurred around that date. 


Past Security Incidents 

This is not the first time Zello has faced a security issue. In 2020, the company experienced a data breach that compromised customer email addresses and hashed passwords, prompting a similar password reset. 

The Importance of Cybersecurity for Essential Services 

 
Zello plays a critical role in communication for sectors such as first responders, transportation, and hospitality, making robust security measures essential. The incident underscores the importance of adopting strong cybersecurity practices: 
- Use Unique, Complex Passwords: Avoid reusing passwords across multiple platforms. 
- Enable Two-Factor Authentication (2FA): Adds an additional layer of security and significantly reduces the risk of unauthorized access. 

User Vigilance and the Need for Transparency 


While Zello’s proactive warning is a positive step, users are calling for greater transparency regarding the root cause of the issue and the measures being taken to prevent future incidents. Organizations like Zello, which support essential communication services, have a heightened responsibility to ensure platform integrity and promptly address security vulnerabilities. 
 
In the meantime, users are strongly encouraged to follow Zello’s instructions and reset their passwords immediately. Taking these precautions can help safeguard personal data and reduce exposure to potential cyber threats. 

As cybersecurity threats continue to evolve, both service providers and users must remain vigilant to ensure the safety and security of their digital ecosystems.
Read more »
security measures
Account security AT&T Customer Data Cybersecurity measures Data Breach data security Data Theft security measures

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.
Read more »
Vulnerabilities and Exploits
Account security Account Takeover BreachForums Dark Web Data Safety GitHub NPM Vulnerabilities and Exploits

Critical npm Account Takeover Vulnerability Sold on Dark Web

 

A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337 claims this exploit can enable attackers to hijack npm accounts linked to specific employees within organizations. 

The method involves embedding undetectable backdoors into npm packages used by these employees, potentially compromising numerous devices upon updates. This exploit could have widespread implications for organizational security. Instead of sharing a proof of concept (PoC) publicly, Alderson1337 has invited interested buyers to contact him privately, aiming to maintain the exploit’s confidentiality and exclusivity. If executed successfully, this npm exploit could inject backdoors into npm packages, leading to extensive device compromise. 

However, npm has not yet issued an official statement, leaving the claims unverified. The incident primarily impacts npm Inc., with npmjs.com being the related website. While the potential repercussions are global, the specific industry impact remains undefined. Account takeover (ATO) vulnerabilities represent severe risks where cybercriminals gain unauthorized access to online accounts by exploiting stolen credentials. These credentials are often obtained through social engineering, data breaches, or phishing attacks. 

Once acquired, attackers use automated bots to test these credentials across various platforms, including travel, retail, finance, eCommerce, and social media sites. Users’ reluctance to update passwords and reusing them across different platforms increase the risk of credential stuffing and brute force attacks. Such practices allow attackers to access accounts, potentially leading to identity theft, financial fraud, or misuse of personal information. To mitigate ATO attack risks, experts recommend adopting strong password management practices, including using unique, complex passwords for each account and enabling two-factor authentication (2FA) wherever possible. Regular monitoring for unauthorized account activities and promptly responding to suspicious login attempts are also crucial for maintaining account security. 

While Alderson1337’s claims await verification, this incident underscores the ongoing challenges posed by account takeover vulnerabilities in today’s interconnected digital landscape. Vigilance and collaboration across the cybersecurity community are essential to mitigating these threats and preserving the integrity of online platforms and services.
Read more »
Privacy Regulations
Account security Cyber Security Data Privacy data security Google Google Account Privacy Regulations

Posthumous Data Access: Can Google Assist with Deceased Loved Ones' Data?

 

Amidst the grief and emotional turmoil after loosing a loved one, there are practical matters that need to be addressed, including accessing the digital assets and accounts of the deceased. In an increasingly digital world, navigating the complexities of posthumous data access can be daunting. One common question that arises in this context is whether Google can assist in accessing the data of a deceased loved one. 

Google, like many other tech companies, has implemented protocols and procedures to address the sensitive issue of posthumous data access. However, accessing the digital assets of a deceased individual is not a straightforward process and is subject to various legal and privacy considerations. 

When a Google user passes away, their account becomes inactive, and certain features may be disabled to protect their privacy. Google offers a tool called "Inactive Account Manager," which allows users to specify what should happen to their account in the event of prolonged inactivity or after their passing. Users can set up instructions for data deletion or designate trusted contacts who will be notified and granted access to specific account data. 

However, the effectiveness of Google's Inactive Account Manager depends on the deceased individual's proactive setup of the tool before their passing. If the tool was not configured or if the deceased did not designate trusted contacts, gaining access to their Google account and associated data becomes significantly more challenging. 

In such cases, accessing the data of a deceased loved one often requires legal authorization, such as a court order or a valid death certificate. Google takes user privacy and data security seriously and adheres to applicable laws and regulations governing data access and protection. Without proper legal documentation and authorization, Google cannot grant access to the account or its contents, even to family members or next of kin. 

Individuals need to plan ahead and consider their digital legacy when setting up their online accounts. This includes documenting login credentials, specifying preferences for posthumous data management, and communicating these wishes to trusted family members or legal representatives. By taking proactive steps to address posthumous data access, individuals can help alleviate the burden on their loved ones during an already challenging time. 

In addition to Google's Inactive Account Manager, there are third-party services and estate planning tools available to assist with digital asset management and posthumous data access. These services may offer features such as data encryption, secure storage of login credentials, and instructions for accessing online accounts in the event of death or incapacity. 

As technology continues to play an increasingly prominent role in our lives, the issue of posthumous data access will only become more relevant. It's crucial for individuals to educate themselves about their options for managing their digital assets and to take proactive steps to ensure that their wishes are carried out after their passing. 

While Google provides tools and resources to facilitate posthumous data management, accessing the data of a deceased loved one may require legal authorization and adherence to privacy regulations. Planning ahead and communicating preferences for digital asset management are essential steps in addressing this sensitive issue. By taking proactive measures, individuals can help ensure that their digital legacy is managed according to their wishes and alleviate the burden on their loved ones during a difficult time.
Read more »
Hacking
2-Step Verification Account security Action Fraud Cyber Crime Facebook Gmail Hacking

Gmail and Facebook Users Advised to Secure Their Accounts Immediately

 



In a recent report by Action Fraud, it has been disclosed that millions of Gmail and Facebook users are at risk of cyberattacks, with Brits losing a staggering £1.3 million to hackers. The data reveals that a concerning 22,530 individuals fell victim to account breaches in the past year alone.

According to Pauline Smith, Head of Action Fraud, the ubiquity of social media and email accounts makes everyone susceptible to fraudulent activities and cyberattacks. As technology advances, detecting fraud becomes increasingly challenging, emphasising the critical need for enhanced security measures.

The report highlights three primary methods exploited by hackers to compromise accounts: on-platform chain hacking, leaked passwords, and phishing. On-platform chain hacking involves cybercriminals seizing control of one account to infiltrate others. Additionally, leaked passwords from data breaches pose a significant threat to account security.

To safeguard against such threats, Action Fraud recommends adopting robust security practices. Firstly, users are advised to create strong and unique passwords for each of their email and social media accounts. One effective method suggested is combining three random words that hold personal significance, balancing memorability with security.

Moreover, implementing 2-Step Verification (2SV) adds an extra layer of protection to accounts. With 2SV, users are prompted to provide additional verification, such as a code sent to their phone, when logging in from a new device or making significant changes to account settings. This additional step fortifies account security, mitigating the risk of unauthorised access even if passwords are compromised.

Recognizing the signs of phishing scams is also crucial in preventing account breaches. Users should remain vigilant for indicators such as spelling errors, urgent requests for information, and suspicious inquiries. By staying informed and cautious, individuals can reduce their vulnerability to cyber threats.

In response to the escalating concerns, tech giants like Google have implemented measures to enhance password security. Features such as password security alerts notify users of compromised, weak, or reused passwords, empowering them to take proactive steps to safeguard their accounts.

The prevalence of online account breaches demands users to stay on their tiptoes when it comes to online security. By adopting best practices such as creating strong passwords, enabling 2-Step Verification, and recognizing phishing attempts, users can safeguard their personal information and financial assets from malicious actors.



Read more »
Pharmacy
Account security AI Banned ChatGPT Cyber Crime Cyberattacks CyberCrime Cybersecurity Pharmacy

Locking Down ChatGPT: A User's Guide to Strengthening Account Security

 



OpenAI officials said that the user who reported his ChatGPT history was a victim of a compromised ChatGPT account, which resulted in the unauthorized logins. OpenAI has confirmed that the unauthorized logins originate from Sri Lanka, according to an OpenAI representative. According to the user, he logged into his ChatGPT account from Brooklyn. 

In the leaked private conversation, the employee appeared to be troubleshooting an app; the name of the app and the location where the problem occurred were also listed. According to reports in ArsTechnica, there is a report that private conversations on ChatGPT were leaked. 

Among the details leaked are login credentials and other personal information of unrelated users. The report also provided screenshots submitted by the alleged hacker of the account. Several screenshots have been shared, including several pairs of passwords and usernames that appeared to be related to a support system that is used by pharmacy employees to assist with prescription drug ordering. 

Any personal data you share in your chat history can be accessed by hackers if your OpenAI account is hacked. Even though this makes perfect sense, it is very strange that you can gain access to information from other compromised accounts, especially in the context of security threats. 

When using OpenAI, you need to make sure you use a strong password to secure your ChatGPT history as it does not provide multi-factor authentication. To ensure that your OpenAI account is secure, you will need to follow basic security measures similar to those that you would take with any other online account. 

Almost everybody does not want to memorize a long passphrase, which includes letters, numbers, symbols, and cases, not to mention a different passphrase for every account. This is why there are password managers out there. 

It is important to note that if you do not use the built-in password manager on your phone, laptop or browser, you will want to visit the Best Password Managers page for help in choosing the best password manager for your situation. If you suspect any account may have been compromised, you should change your password immediately to a long, unique passphrase. 

The user, Chase Whiteside, has since changed his password but is not convinced that his account has been compromised. According to him, he used a password with nine characters, including upper-case letters and lower-case letters, plus special characters, as well as special characters, but he said he didn't use it anywhere else but for his Microsoft account. 

When he briefly stopped using his account on Monday morning, the chat histories of other people appeared all at once. Hence, OpenAI's explanation suggests the initial suspicion that ChatGPT leaks chat histories to unrelated users may not be accurate. 

Despite these shortcomings, the report notes that the website does not contain an option for users such as Whiteside to protect their accounts using two-factor authentication or track details such as the IP address of their current and recent logins - both of which have been standard across most major platforms for some time. 

According to a November paper published in the journal Science, researchers showed how queries were used to prompt ChatGPT into divulging information that was contained within the material that was used to train the ChatGPT large language model, such as email addresses, phone numbers, fax numbers, and physical addresses. 

Several companies, including Apple, have restricted the use of ChatGPT and similar services by their employees for fear of sophisticated or proprietary data leaks among employees. There are a number of reasons for this restriction.
Read more »
phishing
2FA bypass Account security Accounts Argentina Cyber Security Cybersecurity Digital Payment financial services fraud prevention Hacked online money transfer Payoneer phishing

Accounts on Payoneer in Argentina Compromised in 2FA Bypass Incidents

 

A significant number of Payoneer users in Argentina have reported unauthorized access to their 2FA-protected accounts, resulting in the theft of funds while they were asleep. Payoneer, a financial services platform facilitating online money transfer and digital payments, is particularly popular in Argentina for its ability to enable earnings in foreign currencies without adhering to local banking regulations.

Starting last weekend, users with 2FA-protected accounts experienced sudden loss of access or discovered empty wallets upon login, with losses ranging from $5,000 to $60,000. Prior to the incidents, victims received SMS messages requesting approval for a password reset on Payoneer, which they did not authorize. Some users claim they did not click on the provided URLs, and a few only noticed the SMS after the funds were stolen.

The stolen funds were reportedly sent to unfamiliar email addresses using the 163.com domain. Investigations reveal that many affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Suspicions arose regarding a recent Movistar data leak, but the leaked data did not include user email addresses necessary for Payoneer password resets.

One theory suggests a breach in the SMS provider delivering OTP codes, granting threat actors access to codes sent by Payoneer. However, an official statement from Movistar denies responsibility for messages sent through its network and mentions blocking the numbers used in the smishing campaign.

Payoneer, while acknowledging the issue, has not provided specific details about the attack, attributing it to phishing and cooperating with authorities. Tech reporter Juan Brodersen received a statement from Payoneer blaming users, alleging they clicked on phishing links in SMS texts and entered login details on fraudulent pages. Affected users refute this, accusing Payoneer of deflecting responsibility and not addressing potential platform errors or vulnerabilities.

Despite Payoneer's SMS-based 2FA and password recovery process, which relies solely on SMS codes, users argue that the platform should not have had access to later OTP codes required for transactions if the attack was purely phishing-based.

The exact mechanism of the attack remains unclear, with various hypotheses under consideration. Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset passwords until the situation is clarified.

In an update on January 20, a Payoneer spokesperson acknowledged instances of fraud where customers were lured into clicking on phishing links, leading to compromised account credentials or mobile phones. The company asserted swift action to contain fraud attempts and emphasized collaboration with regulators, mobile carriers, and law enforcement agencies. While restitution details vary, Payoneer is actively working to protect customers' funds and recover possible losses.
Read more »
User Information
Account security Community breach Cybersecurity Data Breach Discord.io Member data Online Privacy Security Incident Server invitations Third-party services User Information

Discord.io Acknowledges Data Breach: Hacker Exposes Information of 760K Users

 

The Discord.io custom invitation service has temporarily ceased its operations due to a data breach that has exposed the personal details of approximately 760,000 members.

Discord.io, while not an official Discord platform, functions as a third-party service that enables server owners to generate custom invitations for their channels. The community largely revolves around the service's Discord server, boasting a membership of over 14,000 users.

According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information:

"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"

The breach has exposed sensitive information, including usernames, email addresses, a small number of billing addresses, salted and hashed passwords (in a limited number of cases), and Discord IDs. The disclosure of Discord IDs, while not deemed private, raises concerns about the potential linkage of Discord accounts to specific email addresses.

Following initial reporting by StackDiary, Discord.io has acknowledged the breach's legitimacy through notifications on its Discord server and website. Consequently, the service has taken the decision to temporarily suspend its operations.

A statement on the Discord server of the service conveys, "Discord.io has fallen victim to a data breach. We are halting all activities indefinitely." More information is available on their designated "#breach-notification" channel, and an identical message is slated for an upcoming update to the website.

Discord.io's website outlines a sequence of events that led to their discovery of the breach subsequent to a post on a hacking forum. The veracity of the leaked data was swiftly confirmed, prompting the temporary shutdown of services and the discontinuation of all paid memberships.

Discord.io maintains that it has not received any communication from the responsible party behind the breach, nor has it disclosed details regarding the method of infiltration.

In a conversation with the seller of the Discord.io database, identified as Akhirah, BleepingComputer verified that the Discord.io operators have not engaged in dialogue with them. Akhirah emphasized that their motivations extend beyond financial gain. 

They assert concerns about Discord.io's alleged associations with illicit and harmful content, emphasizing a desire for the removal of such content in lieu of selling or releasing the pilfered database.

The Discord.io platform functions as a directory facilitating searches for Discord servers aligned with specific interests, providing access via invitations that sometimes require the site's virtual currency, Discord.io Coins. The site's terms of use allocate responsibility for content to its members, although the operators retain the right to eliminate any content deemed illegal or violative of guidelines.

Archived versions of the site display a range of Discord servers catering to diverse interests, encompassing areas like anime, gaming, and adult content. Akhirah underscored concerns over the sale of the database, not solely for financial purposes, but due to the platform's purported links to objectionable and illegal materials.

The hacker also indicated that while significant interest surrounds the database, the majority emanates from individuals seeking to exploit it for purposes such as doxing adversaries. Akhirah expressed a preference for the Discord.io operators to address the alleged offensive material's removal from the site as a condition for not disseminating the stolen database.

Discord.io members are advised to exercise caution, as the hacker affirms that the database has not been sold; however, members should remain vigilant against potential misuse of their data. The passwords compromised in the breach are secured using bcrypt, which is computationally intensive and resistant to rapid decryption. Nevertheless, the leaked email addresses could be exploited for targeted phishing endeavors, facilitating the theft of further confidential information.

Therefore, individuals associated with Discord.io should remain alert to unsolicited emails containing links to websites soliciting passwords or additional personal details. For updates pertaining to the breach, the primary website should be monitored, as it is expected to provide guidance on potential password resets and communications from the service.
Read more »
Subscribe to: Comments (Atom)