Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Password Theft. Show all posts

Dark Web Sale Exposes 3.6 Crore Stolen AI Gaming Accounts


The widespread sale of credentials obtained from AI-based gaming platforms and services is a worrying trend in the cyber underworld, as shown by a new analysis by antivirus company Kaspersky. An astounding 3.6 crore credentials, including login and password information, have been stolen and sold on the dark web in the last three years. The increase in demand for online gaming and artificial intelligence (AI) services has unintentionally encouraged hackers to develop specialized malware known as info stealers to obtain user data.

Surge of info stealers: Threat to online security

Hackers aiming to take advantage of the growing demand for AI-driven services and online gaming platforms have turned to infostealers, a kind of malware that steals user login credentials covertly. These harmful applications use phishing assaults and other deceptive tactics, among other methods, to infect devices, both personal and corporate. 

Kaspersky reports that the majority of leaked credentials come from the popular gaming site Roblox, where almost 3.4 crore user accounts have been exposed due to malware-related data breaches. The research also reveals an astounding 33-fold rise in credentials that have been taken from OpenAI users, amounting to 6.64 lakh records, some of which are connected to ChatGPT, a popular chatbot service.

AI services under threat

The range of hacked AI services, which includes chatbots, voice generators, picture editing, and translation, highlights how widespread the problem is. The head of Kaspersky Digital Footprint Intelligence, Yuliya Novikova, emphasizes how important it is to have strong cybersecurity safeguards in place to thwart infostealer attacks and prevent the unauthorized use of user credentials.

Online precaution must against cyber threat

One of the biggest challenges to online security is the continued demand for stolen credentials, especially those related to artificial intelligence applications. The research notes that when ChatGPT's fourth version was released in March 2023, there was a noticeable increase in the attention of cybercriminals towards these accounts. The continued demand for credentials related to artificial intelligence, even after things have stabilized, highlights the persistent attraction of bad actors looking to profit from the mass use of these services.

It is crucial that people and organizations strengthen their defenses against infostealer attacks in light of these advancements. Proactive measures, such as strong security protocols and constant attention, are essential to reducing the risks posed by hostile actors operating in the shadows of the dark web as cyber threats continue to adapt and multiply.


The Challenges with Passkeys: Addressing Limitations

Passkeys have become a popular method for authentication, offering an alternative to traditional passwords. However, despite their advantages, there are several key issues that need to be addressed. This article explores the problems associated with passkeys and the need for further improvements in authentication methods.

Passkeys, often referred to as passwordless authentication, aim to provide a more convenient and secure way to access accounts and devices. Unlike passwords, which can be forgotten, stolen, or easily guessed, passkeys utilize unique characteristics of the user's device, such as biometrics or hardware-based keys, to grant access.

One of the primary concerns with passkeys is their reliance on specific devices or platforms. For instance, a passkey that works on an Android device might not be compatible with an iOS device or a different operating system. This lack of cross-platform compatibility limits the usability and convenience of passkeys, as users may need multiple passkeys for different devices or services.

Additionally, passkeys are vulnerable to potential security risks. While they eliminate the need for passwords, which are often weak and prone to hacking, passkeys are not immune to threats. If a passkey is compromised, it could lead to unauthorized access to the associated account or device. Furthermore, if the passkey is stored insecurely, such as in the cloud or on an easily accessible device, it could be accessed by malicious actors.

Another challenge is the adoption and support of passkeys across various platforms and services. Although major tech companies like Google have introduced passkey support, it requires widespread adoption from service providers and developers to offer a seamless experience for users. If passkey support remains limited, users may still need to rely on traditional password-based authentication methods.

To address these issues, further advancements in passkey technology and authentication methods are necessary. First and foremost, there should be greater collaboration between tech companies and service providers to establish standardized protocols for passkey implementation. This would enable interoperability across different platforms, making passkeys more accessible and user-friendly.

Enhancing the security of passkeys is also critical. Additional layers of protection, such as multi-factor authentication, can be integrated with passkeys to add an extra level of security. This could include biometric verification, device attestation, or behavioral analysis to ensure the legitimacy of the user.

Furthermore, educating users about the importance of passkey security and best practices is crucial. Users need to understand the risks associated with passkeys and be encouraged to store them securely, preferably using hardware-based solutions or secure vaults.

Change Your Passwords on These Five Platforms Right Away

 

Have you ever gotten an email advising you to change your security details because one of your accounts has been compromised? Well, you are not alone 

Regular users are suffering the most damage as hacking grows more sophisticated. According to VPN Central's Deyan Georgiev, certain social media accounts are particularly open to hacker attacks. 

Which accounts are hackers primarily aiming for? 

In order to determine the average monthly searches for terms like "account hacked," "hacking," and "hack," VPN Central looked at 10 platforms and their average monthly searches for cybercrime. 

According to research, the following websites were often searched for when looking for information about hacking: 

Facebook: 67,940 searches 
Instagram: 36,220 searches 
Spotify: 25,920 searches 
Twitch: 10,800 searches 
Amazon: 6,170 searches 

If you have accounts on these platforms, be sure to regularly change your password and enable multi-factor authentication. 

Prevention tips 


Avoid choosing a weak password: Even though "123456" and "password" have consistently been ranked as the weakest, most easily guessable passwords for years, people still use them as passwords. This is astounding. Avoid using obvious patterns when you're asked to establish or alter a password for a website. Choose something with at least 12 characters, made up of letters, numbers, and other symbols, advise SplashData and TeamsID. 

Use multi factor authentication: A growing number of online services that deal with sensitive data (including Gmail, online bank accounts, and Slack, a popular group chat tool among businesses) give you the option of adding an extra step before inputting your password to access your account. A code is often delivered to the phone number you have on file. Although it takes a little longer to access the site, it significantly discourages anyone from trying to access your account. 

Consider using a password manager: Most consumers, according to the Federal Trade Commission (FTC), struggle to remember all of their passwords. Stronger passwords are those that are longer and more complex, although longer passwords can also be harder to remember. Use a trusted password manager to keep your passwords and security questions safe. Look for a trustworthy password manager on independent review websites and ask your friends and family which one they use. To keep the information in your password manager secure, choose a strong password.