Your passwords are worthless.
At least, that's the message coming from a hacker who traded more than 272 million account credentials to a cybersecurity company in exchange for praise on a social media platform for hackers.
The passwords and usernames belonged to accounts from Russia's largest email provider, Mail.Ru, as well as a smaller number of accounts each from Gmail, Yahoo Mail and Microsoft Hotmail. While it doesn't mean there was a breach of the email services themselves, it is a huge amount of data. Cybersecurity experts say trades like this are an everyday occurrence and show how exposed our passwords really are.
Alex Holden, chief information officer at Hold Security and a cybersecurity researcher who specializes in Eastern European hacking, said the hacker originally offered the cache to the company for the equivalent of just $11, but after some negotiating provided the information in exchange for plaudits on a members-only hacking forum.
"He didn't value this data," Holden said.
Mail.Ru said the company was examining the data to see how many passwords were currently connected to email accounts. "As we have enough information we will warn the users who might have been affected," the company said in the statement. "Mail.Ru email service has been working hard to continuously improve its security system."
Yahoo said it is also trying to examine the list of credentials.
"We've seen the reports and our team is reaching out to Hold Security to obtain the list of accounts now. We'll update going forward," the company said in a statement.
Microsoft representatives didn't immediately respond to a request for comment. The company confirmed to Reuters that password-and-username caches are a real problem but didn't specifically comment on whether this cache contained its users' login information.
Google declined to comment on the specific incident. The company wrote a blog post in 2014 about the problem of "password dumps," offering tips to users on what to do when such lists are posted online.
"It's important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems," the company wrote in the blog post, which responded to a different data dump.
Even though the hacker practically gave the login information away for free in the data dump revealed Wednesday, it's valuable to email users, who would do well to change their passwords often and never reuse them on other accounts, Holden said. They should also take advantage of two-factor authentication on their most valuable accounts, he said, even if it's a little inconvenient.
That's the login technique that verifies who you are by sending you a text message or push notification to a separate phone or tablet. Mail.Ru said in a statement that it began offering a two-factor system last year, along with other increased safety measures; the other affected email providers also offer that service.
Holden said he believes his company has found the three-largest password caches online ever, including this one, "not that it's a good thing to hold that record." Large troves of credentials get passed around all the time, he said.
Big data breaches tend to yield passwords, as do phishing campaigns and other efforts that trick Internet users into handing their credentials over to phonies. Some people on dark corners of the Internet will compile huge lists out of these smaller caches, like the one Holden's company discovered. So while the cache revealed Wednesday seems like a big deal, it's also just the tip of the iceberg.
"It's a huge amount of credentials," said Holden, "but credentials are being stolen and trafficked on a daily basis."
Author: استخدام کار. Date: Thursday, 16 Ordibehesht 1395, 3:57.