Hacked and stolen passwords

Wonderwoman

Samurai
Yahoo Voices hacked, nearly half a million emails and passwords stolen
by Anna Brading on July 12, 2012



http://nakedsecurity.sophos.com/2012/07/12/yahoo-voices-hacked/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=fb4d853f07-naked%2Bsecurity


Yesterday, we reported on the Formspring website hack. Today, it's Yahoo Voices that has been compromised.

Yahoo Voices, which defines itself as "where your expertise and perspectives take center stage!", allows Yahoo users to post their own articles, videos and slideshows online.

This morning, hacker group D33DS Company published the 453,491 email addresses and passwords online in plain text, in a document marked "Owned and Exposed".

The hackers say they used a "Union-based SQL Injection" to steal the data and posted the information as a "wake-up call":

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat."

But even if this hacker group themselves aren't planning to use the information for ill-gotten gains, the data is available for anyone to access. Read more at:

http://nakedsecurity.sophos.com/2012/07/12/yahoo-voices-hacked/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=fb4d853f07-naked%2Bsecurit
 

Lioness1

Banned
42 million passwords exposed following massive dating website hack

http://grahamcluley.com/2013/11/42-million-passwords-exposed-dating-website-hack/?utm_source=rss&utm_medium=rss&utm_campaign=42-million-passwords-exposed-dating-website-hack

Graham Cluley | November 20, 2013 10:36 am | Filed under: Data loss, Vulnerability

In what must rate as one of the worst password security breaches ever, it has been discovered that the names, addresses, dates of birth and unencrypted passwords of over 40 million online daters have been stolen by hackers.

Yes, that’s right, the passwords were not protected at all. They were stored by the hacked company in *plaintext* format. A disaster waiting to happen…
Online dating user information. Source: Brian Krebs


Security blogger Brian Krebs has reported that an intrusion at online dating firm Cupid Media earlier this year resulted in hackers getting away with the haul of valuable data earlier this year. It has since been discovered on a web server, alongside data stolen in other hacks, including a recent attack against Adobe.

Cupid Media is a firm based in Queensland, Australia, that runs a wide variety of niche dating websites including AsianDating.com, ChristianCupid.com, SingleParentLove.com, GayCupid.com, and ThaiLoveLinks.com amongst many others.

In conversation with Krebs, Cupid Media managing director Andrew Bolton said that the database included details of inactive users, as well as current customers, and was probably related to a security breach that occurred at the company in January 2013.

Andrew Bolton told Brian Krebs:

“In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts. We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification.”

What’s alarming is that there don’t appear to have been any media reports confirming that a security incident involving customer data occurred at Cupid Media in January 2013. That is very surprising if such a large number of users were put at risk.

Did customers not get informed? Did the firm sweep it under the carpet?

Right now, the true facts remain unclear.

However, what is very clear is that many of the passwords exposed in this latest security breach are woefully bad choices by Cupid Media’s users.

Here is a list of the ten most commonly used passwords, according to the Cupid Media customer database seen by Brian Krebs:

Password      Number of times used
123456        1,902,801
111111        1,212,235
123456789     574,914
1234567       173,235
12345678      140,734
000000        107,996
iloveyou      91,269
1234567890    81,775
??????        79,046
123123        79,013

Pretty pitiful. And the same can be said for the top non-numeric passwords:

Password      Number of times used
iloveyou      91,269
lovely        54,045
qwerty        40,023
password      37,241
azerty        33,579
loveme        32,645
aaaaaa        30,273
mylove        28,266
iloveu        23,787
zxcvbnm       20,362

These passwords would be abysmal choices if the websites had been storing them in a secure, encrypted format. However, they apparently weren’t even doing that – storing the passwords in plaintext, meaning they were instantly readable by the human eye as easily as you are reading this password right now.

Of course, it’s possible that Cupid Media has mended its ways and now stores its dating customers’ passwords in a more secure fashion. Let’s hope so.

But in the meantime, if you are a user of any of these websites, you need to ensure that you are not using the same password on any other website, and always use a password that is hard to guess and tricky to crack.

The truth is that you should never use the same password on multiple websites.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a hack like this, a phishing attack or keylogging spyware) and then hackers using it to unlock your other online accounts.

If you find passwords a burden – simply use password management software like LastPass, 1Password, and KeePass.

Read more about the Cupid Media hack on the Krebs on Security website.
 

Kat

Administrator
Staff member
2 Million More Passwords for Facebook, Google, Twitter, Other Sites Were Stolen and Posted to the Net

Business Insider
By Julie Bort 3 hours ago

http://finance.yahoo.com/news/2-million-more-passwords-facebook-191054295.html

A computer security researcher has stumbled upon another huge file of stolen user names and passwords that was posted on the 'net for other hackers to enjoy.

Daniel Chechik, and his fellow researchers at Trustwave SpiderLabs, found a cache of user names and passwords for 2 million accounts that gives hackers access to accounts on popular websites like Facebook, Google, Yahoo, Twitter, LinkedIn, and others.

This stash of 2 million passwords follows a massive hack on Adobe revealed in October in which a jaw-dropping 38 million user accounts and passwords were nabbed and posted to the 'net. That attack was so big that other website vendors were affected, because many people use the same user name and password for all of their websites. Website vendors like Facebook and Evernote sifted through hacked passwords, found accounts using the hacked user/password combo and forced those people to change their passwords.

Evernote even went so far as to blame Adobe by name as the reason why it was forcing Evernote users to change their passwords.

One thing learned from all these lists of stolen passwords is how many people use the same easy-to-guess passwords......
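
Added example, not part of the quoted articles or any poster's own words: a site can run the kind of check described above (comparing a leaked user/password list against its own accounts) while storing only salted scrypt hashes, never plaintext as in the Cupid Media case. The function names, scrypt parameters and sample accounts below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)

def verify(password, salt, digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

def accounts_to_reset(store, leaked_pairs):
    """Flag our accounts whose current password matches a pair from a
    third-party dump, so the owner can be forced to choose a new one."""
    flagged = set()
    for email, leaked_password in leaked_pairs:
        key = email.strip().lower()
        record = store.get(key)
        if record and verify(leaked_password, *record):
            flagged.add(key)
    return sorted(flagged)

# Constructed sample data: our own user table (email -> salt, digest) ...
STORE = {
    "alice@example.com": hash_password("123456"),
    "bob@example.com": hash_password("kT9#vLq2!mZx84"),
}
# ... and a constructed plaintext dump from some other, breached site.
LEAKED = [
    ("Alice@Example.com", "123456"),     # same password reused here
    ("bob@example.com", "iloveyou"),     # different password on our site
    ("carol@example.com", "qwerty"),     # not one of our users
]

if __name__ == "__main__":
    print(accounts_to_reset(STORE, LEAKED))
```

Because each account has its own random salt, two users with the same password get different digests, so the stored table cannot be tallied into a "most common passwords" list the way a plaintext dump can.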
 