password security

Latest

  • Daily Roundup: Windows 10, weak passwords, SpaceX and more!

    by Dave Schumaker
    01.20.2015

    Microsoft will unveil Windows 10 to the masses tomorrow, giving us a closer look at what the folks in Redmond have been working on. Meanwhile, everyone on the internet is still using weak passwords like "123456" and Google decided to drop some serious money on SpaceX. Get all the details on these stories and more in today's daily roundup.

  • Following Adobe hack, Facebook requires compromised users to change passwords

    by Sarah Silbert
    11.12.2013

    Here's a good lesson to vary up your passwords if we've ever seen one: Facebook is locking out Adobe users whose accounts were compromised by a recent large-scale hack if they use the same login info for both Adobe and the social network. To regain access, they'll need to change their password and answer a few security questions. According to Krebs on Security, Facebook has mined the encrypted password data to discover which of its users were affected by the breach -- more than 38 million Adobe users' accounts were reportedly exposed. Facebook was able to discover the same email-password combos by running them through the same code it uses to confirm your credentials at login time. If the site found that your account matched one of the millions exposed in the Adobe hack, you'll receive a notification like the image above. Diapers.com and Soap.com have reportedly put the same policy in place; this is important stuff, guys!

  • Blizzard suffers security breach, encrypted passwords and authenticator data compromised

    by Sean Buckley
    08.09.2012

    According to a recent Blizzard security update, now might be a good time to cook up a new password. Blizzard's security team found that its internal network has been illegally accessed, and answers to personal security questions, authenticator data and cryptographically scrambled Battle.net passwords have found their way into the perpetrator's hands. The team is confident, however, that the compromised data isn't enough to give the attacker access to user accounts, and says that there is no evidence to suggest financial data (credit cards, billing addresses and customer names) was accessed. Blizzard President Mike Morhaime recommends that users update their passwords all the same, and we couldn't agree more. Check out his official statement at the source link below and get that Diablo III account locked down.

  • Amazon, Apple stop taking key account changes over the phone after identity breach

    by Jon Fingas
    08.07.2012

    By now, you may have heard the story of the identity 'hack' perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone -- and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn't been as direct about what's going on, but Wired believes there's been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required. Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren't followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.

  • Hotmail adds 'My friend's been hacked!' feature to finger phishers

    by Christopher Trout
    07.16.2011

    Hotmail's spent the past few years playing catch-up with the competition, but for the most part, it hasn't done anything particularly groundbreaking with its services. Earth shattering might not be the appropriate descriptor for its latest addition, but Hotmail's added a helpful new feature to distinguish plain old spam from the kind that comes from a trusted source. Now, when you get an email from a friend that smells of something sea dwelling -- say a plea for some extra scratch from abroad -- you can select "My friend's been hacked!" from the "Mark as" menu, alerting the powers that be that your friend's account has been hacked. When you mark a missive as junk, you can likewise click a box that reads: "I think this person was hacked!" Once that's done, the spammers are kicked to the curb, and your friend is put through an "account recovery flow" the next time they attempt to log in. On the prevention front, Hotmail will soon roll out a new service that blocks users from selecting common passwords. It might not be enough to coax us over, but maybe this time the other guys could learn a few lessons.

  • AionSource.com compromised, e-mails possibly leaked to hackers

    by Seraphina Brennan
    01.29.2010

    Yesterday we reported that a wide number of e-mail password phishing scams were being sent out to Aion users. Today, AionSource.com has sent out an e-mail announcement to all of their users that this new wave of scams may have been due to a hacking attack on their website. Knite Shadowbane, administrator of AionSource, has posted that AionSource.com had been under hacker attack five days ago on the 24th of January. The staff has since cleared the attack and has proceeded to beef up their security, but today's e-mail to all AionSource members warns that their database could have been used for these phishing scams. So, if you are a member of AionSource, keep an eye out for any unusual e-mails coming your way. Even if you aren't a member, always remember to check the source of any e-mails coming to you that request for you to "access your account" or "confirm your password" or require you to log into an unverified source. Knite has also posted a handy guide to securing your account, such as changing your password and installing anti-virus software.

  • Forum post of the day: Hilarious scam email

    by Amanda Miller
    09.02.2008

    Have you ever wondered what one of those fake emails from "Blizzard" looks like? The nastier ones are copies of real Blizzard emails, with the links subtly changed. Other scam emails are a bit more transparent, however. While we've identified some red flags for you before, let's add a few more, shall we? If the email refers to the patch you "must" download as "a mod one" then it might not be real. If they have moved said patch to an external website, then you might want to worry. If the reason for the move is because, "recently, Hackers have been trying to crack our folders and steal every future project" then it is time for you to roll on the ground laughing. Just hope that Hackers don't team up with the Boogeyman, or Terrorists! If you are referred to as one of their "lovely members who do not understand" you should get a medal, really. Their repetitiveness is dizzying. Luckily, they will "explain it shortly" for you. I think someone needs a thesaurus (or a brain).