Multifactor Authentication Password Management

LastPass: Keylogger on home PC led to cracked corporate password vault

How did the crooks get in given that the needed access credentials of 4 developers at LastPass were locked up in a secure password vault to which only four developers had access?” Access to the vault password] was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which […]

Data Breaches Password Management

37 million accounts T-Mobile stolen

T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.APIs […]

Data Breaches Password Management

NortonLifeLock warns customers about online password manager intrusion

Security company NortonLifeLock has warned an unknown number of customers that criminals have broken into their Norton Password Manager, an online password manager, and advises that all stored credentials be changed immediately. The password manager can be used via a Norton account and can generate passwords and store them in an “online vault”. The password […]

Data Breaches Multifactor Authentication Password management Security

LastPass users: time to change passwords, settings and….

The hacker copied information from backup that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the encrypted […]

Data Breaches Multifactor Authentication Password management

Crypto exchange Gemini leaks private data of 5.3 million users

The American crypto exchange Gemini has leaked the private data of 5.3 million users, which has subsequently been used for targeted phishing attacks. It concerns e-mail addresses and partial telephone numbers. According to Gemini, the data was stolen from an unnamed “third-party” supplier. No further details about the data breach have been provided. Gemini does […]

Data Breaches Password Management Security

> 50 million passwords and data for 4,500 crypto wallets stolen by malware

Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login […]

Multifactor Authentication Password Management Security

Gambling platform DraftKings theft of $300,000 via credential stuffing

Online gambling platform DraftKings has been hit by a credential stuffing attack in which attackers managed to break into users’ accounts and steal some $300,000. Credential stuffing uses previously leaked email addresses and passwords to gain automated account access. Attackers check whether they can also log in to website B with credentials stolen from website […]