Archive for the ‘password’ Category

Pay-to-click ad service hacked, 6.6M plaintext passwords dumped

September 14th, 2016

It was 20 years ago today, no, make that 40, that Sergeant Pepper taught us not to store plaintext passwords…

Posted in ClixSense, data brach, data loss, hash, password, plaintext, salt, Vulnerability | Comments (0)

Going The Extra Mile: Pandora, Facebook, and Netflix Ask Users to Reset Passwords

July 1st, 2016

It’s a good sign when businesses take the initiative to protect consumers’ online safety. Not only does it allow customers to feel secure using their services, but it also facilitates positive change. When one business takes an extra step to protect users, industry security standards are advanced. The envelope is pushed for other organizations, who in turn adopt better security practices themselves. It’s a win-win.

When Pandora, Facebook, Netflix, and others recently asked users to reset passwords, a ripple effect began. That’s because they did so even though their own accounts weren’t breached – signaling a more proactive approach to security. It may be a small step for each of these businesses, but it’s a giant leap for consumer safety.

In the case of Pandora, the story started when the music-streaming company discovered 117 million LinkedIn credentials leaked. They didn’t simply sit back and bask in the relief that it didn’t happen to them. Instead, they began to dig through the data dump to find exposed individuals who were also Pandora customers. Their reasoning was wise: people often use the same password across multiple services. Cybercriminals could simply enter those LinkedIn email and password combinations into Pandora. The quick-thinking security approach? Ask users to change their passwords.

Of course, Pandora isn’t the only company that’s forward-thinking with user safety. Facebook and Netflix also asked users to change passwords in light of recent data dumps from other services. Now, it’s clear companies have generally been more sensitive to cybersecurity concerns lately. Judging by all signs, this trend seems likely to continue. The wait-until-it-happens approach to user safety is, hopefully, nearing its end.

Everyone can enjoy this news. Businesses should be more proactive about user safety. In the case of data breaches, it’s great to hear companies are scanning leaked user details and cross-referencing them with their own databases. This proactivity is something to be praised among the security community. With time, tech companies can develop even more pre-emptive security protocols – keeping us increasingly safe in the future.

Of course, we can’t just rely on proactive companies to keep our accounts secure. There are security measures we, as individuals, can take as well, to stay protected.

  • Use unique passwords, and change them regularly. Create distinct passwords for each account. It’s the best way to prevent criminals from using leaked data to crack into your other accounts. Have a hard time managing all of your unique logins? . Remember, password management solutions like Intel Security True Key can do wonders.
  • Double check to see if update requests are authentic. Be careful when asked to provide sensitive information, or change passwords, from seemingly official sources. It’s a common cybercriminal tactic to send phishing emails to users, masquerading as a legitimate company. Try to spot out any misspellings in the URL and sender’s email address, to catch a phony alert.
  • Keep an eye out for data breaches. Stay on top of security news. That way, you’ll know if there’s a possibility your data is in criminals’ hands. Some companies have proactive warning systems in place, but not all do. By having information on when leaks happen, you can take prompt action to protect potentially affected accounts.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.



The post Going The Extra Mile: Pandora, Facebook, and Netflix Ask Users to Reset Passwords appeared first on McAfee.

Posted in consumer, Consumer Threat Notices, data breach, password, password security | Comments (0)

World Password Day Came and Went – Did You Add MFA?

May 10th, 2016

Your family photos, your savings account, and maybe even your dating life are all hidden behind one thing: a password. A combination of letters and numbers protects your personal information from the hands of hackers.

Last Thursday, we filled your social media feeds with articles, videos and Tweets, hoping to raise password awareness on World #PasswordDay. This year, we focused on the importance of multi-factor authentication (MFA). Why stop with simply updating your password, when you can protect your data with another layer of security?

To make our point, we brought out the big dogs and teamed up with a hard hitter. If anyone can convince you to take some time to rethink your password strategy, it’s none other than the actress known for taking no punches, Betty White.

Did you catch her Password Pep Talk videos? Watch below to learn some valuable lessons, and have a nice chuckle too:


Our mobile phones are at the center of our lives (and usually in the palm of our hands). They may just seem like means for checking email on the go or to text a friend, but do us a favor and think of all the information stored on your phone. That’s a scary thought, when you consider hacking and even theft of mobile devices.

Stop worrying, and start preventing. Here are our top three password tips:

  • Lock it down twice. Multi-factor authentication requires more than username and password for entry. To gain access, MFA demands something you know, like a password, and something only you can provide, like a fingerprint or face scan. This information is specific to you, so only you can access the things meant for your eyes only.
  • Strong and long. Passwords should be at least 8 characters long. Longer passwords take longer to crack, it’s that simple. A strong password uses a combination of numbers, upper and lowercase letters, and symbols. Avoid birthdays, family names, and repeated characters. More tips.
  • Change of the seasons, change of the password. Passwords should be changed every three to six months. Using the same password for a long period of time gives hackers a better chance to crack the code. Set a reminder on your calendar to get creative and update all of your accounts with a new, secure password.

We can’t prevent data invasions from happening, but we can take steps to make gaining access to private information more difficult. Adding in additional security layers, especially on your mobile device, could be the key to keeping your private life private. So with all of the information thrown your way this World #PasswordDay, did you add a second layer of protection? Now is the time!

Think you’re a password pro? Take our Security IQ Quiz and find out just how savvy you are!

To stay up-to-date with the latest security threats year-round, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.


The post World Password Day Came and Went – Did You Add MFA? appeared first on McAfee.

Posted in app security, consumer, McAfee Mobile Security, Mobile Security, password, password security | Comments (0)

Advent tip #1: Clean up your passwords before Christmas

December 1st, 2015

We’ll be giving you one security tip a day up until Christmas. Here’s advent tip #1, and it’s all about passwords.

Posted in advent, data loss, password, tips | Comments (0)

vBulletin enforces password reset after website attack

November 4th, 2015

vBulletin and Foxit Software forums hack exposes hundreds of thousands of records amid zero-day vulnerability speculation.

Posted in Data leak, data loss, Featured, password, vbulletin, Zero-Day Vulnerability | Comments (0)

OpenSSH password guessing attacks may be 10,000 times easier than you thought

July 23rd, 2015

An interesting problem with OpenSSH has been publicised on the Full Disclosure mailing list.

Posted in brute force, Featured, OpenSSH, password, Security threats | Comments (0)