What the Hack? Podcast

Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

Collection #1
A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt, is more than 87 gigabytes and contains roughly 773 million email addresses and 21 million unique passwords. Hunt found an archive of the data on MEGA, a file-sharing site and has...
According to a study published in December by SplashData of the more than 5 million passwords compromised by hacks last year, way too many were laughably inadequate. If you are having that same-old, same-old sense of déjà vu, you're not alone. Another year has come and gone, and consumers are still using the same old bad passwords to protect their...
Phishing quiz
A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack...
Shodan
The personal data of 4 million applicants for internships at a non-profit organization was exposed in a breach. The data included the applicants’ names, email addresses, gender, and personal essays and was exposed via a misconfigured database called Elasticsearch on the website of AIESEC, a “youth-run” non-governmental organization with over 100,000 members worldwide. The data leak was initially found...
Trojan Ho
Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. One of the larger threats outlined in the report was the Emotet Trojan, a sophisticated malware program capable of data theft, network monitoring, and propagating itself onto other vulnerable systems, and the Trickbot Trojan that steals passwords...
Sidewalk Labs, a subsidiary of Google’s parent company Alphabet, is the go-to story for Data Privacy Day with its new “user-friendly” tool called Replica, which allows city planners to see “how, when, and where people travel in urban areas.” The Intercept’s explainer details a troubling use of consumer data. “Thanks for all you do,” could be the Replica initiative’s tagline, since...
Shodan
The recent data leak of the Oklahoma Security Commission that compromised 17 years’ worth of FBI investigations, the NGO leak of 4 million internship applications, the exposure of 114 million businesses and individuals’ data online, and many others have one common thread: each of them was found on Shodan, the self-proclaimed “world’s first search engine for Internet-connected devices.” While...
Data Breach
A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database. The data was inadvertently sent in a spreadsheet as an email attachment by a university employee. It included names,...
APT10
The Chinese government-linked hacking group APT10 is continuing its campaign against US and European businesses with increasingly sophisticated tactics and strategies, warn officials from the Department of Homeland Security. The group is thought to be responsible for recent cyber-espionage campaigns against a U.S. law firm, an international apparel company, and Visma, a major Norwegian software firm according to a...
Credit union phishing attempt
A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. Credit unions and banks are both required by the Bank Secrecy Act (BSA) to report potential money laundering operations and to dedicate at least two staff members to ensure compliance. The phishing emails seemed to specifically target the...