How I gained commit access to Homebrew in 30 minutes
Since the recent NPM, RubyGems, and Gentoo incidents, I’ve become increasingly interested, and concerned, with the potential for package managers to be used in supply chain attacks to distribute…
security  homebrew  brew  breach 
7 days ago by dewe
Troy Hunt: The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)
A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all vying for the attention of those consuming it, the value of it plummets.
On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain the thinking whilst also addressing specific questions I've had regarding Collections #2 through #5.
The 773 Million Record "Collection #1" Data Breach
On Thursday 17 Jan, I loaded 773M records into Have I Been Pwned (HIBP) which I titled "Collection #1". I explained how this data originated from multiple different sources and was likely obtained over a period of many years before being amalgamated together and passed around as one massive stash. There were 2.7B rows of email addresses and passwords in total, but only 1.6B of them were unique (my own identical record appeared half a dozen times). In other words, there was a huge amount of redundancy.
I made the call to load the data into HIBP based primarily on 3 facts:
The data was sufficiently unique: more than 18% of the email addresses had not been seen in HIBP before
The data was in broad circulation: multiple parties had contacted me and passed on Collection #1
There was a large number of previously unseen passwords: of the 21M unique ones, half of them weren't already in HIBP's Pwned Passwords
breach  collection_#1  data  email  passwords  privacy  pwn  security  credential_stuffing 
9 days ago by rgl7194
Firefox Monitor
Find out if you’ve been part of a data breach with Firefox Monitor. Sign up for alerts about future breaches and get tips to keep your accounts safe.
email  firefox  security  tools  password  privacy  breach  mozilla  services  hack 
10 days ago by gr.mon
Customers Blame Companies not Hackers for Data Breaches
...over half (57%) of consumers blame companies ahead of hackers if their data is stolen. Consumer backlash in response to the numerous high-profile data breaches in recent years has exposed one of the hidden risks of digital transformation: loss of customer trust.
data  breach  hackers  rsa 
15 days ago by SecurityFeed
Discover Card Users Affected by Data Breach, New Credit Cards Issued
A data breach incident impacting Discover cards has potentially provided attackers with access to an undisclosed amount of customer information, although anything from account numbers and expiration dates to security codes might have been stolen.
Although these types of data breaches are not uncommon for financial institutions, this is only the second time a data breach involving customers' cards has been reported during 2018 by Discover Financial Services to the California Attorney General.
According to California's law, companies who conduct business with California residents are required to file security notices with the Attorney General's office in the event of a data breach or a cybersecurity incident impacting customer data. Moreover, firms have to send and submit a sample of the data breach notice that is sent if more than 500 California residents are affected.
Discover Financial Services learned that on August 13, 2018, an undisclosed number of Discover card accounts might have been part of a data breach according to sample notices filed on January 25, 2019, with the California Attorney General's office. However, according to the same notices, "Please know, this breach did not involve Discover card systems."
data  breach  credit_cards  security  privacy 
22 days ago by rgl7194
