Welcome to The Dashlane Tech Check for July 21, 2017!  I’ll help you catch up on Dashlane-related news and the big news in the tech industry. 

What in the (security) world?

Here’s what made headlines this week in the world of digital identity, security, and privacy:

Hackers stole $7 million of Ethereum from CoinDash

Photo Credit: bitcoin-4k.com

Cryptocurrency social trading startup, CoinDash, had its crowdfunding page hacked during a token sale Wednesday. According to InfoSecurity Magazine, the attackers hacked the CoinDash website and changed the official Ethereum to a different address, sending investors’ money directly to themselves. Approximately 2,000 investors sent a total of 37,000 ETH (worth $7 million USD) Ethereum to the wrong address, but the company said it will reimburse all of the victims and launch an internet forensic investigation.

Hackers steal $30 million worth of Ethereum from Parity Technologies

Aside from the CoinDash hack, wallet software provider Parity Technologies also lost millions of dollars worth of Ethereum in a separate security incident. According to InfoSecurity Magazine, 150,000 ETH (worth $30 million USD) was stolen from some account holders–3 confirmed thus far–as the result of a critical bug in the software. The company confirmed that the bug has been fixed, but it is still unclear who is behind the attack.

A new study finds tech-savvy Millennials still have the worst password hygiene

Share passwords safely

According to new research from Wakefield Research, 92 percent of Millennials say they use the same password to protect multiple online accounts, compare to 81 percent of all those surveyed for the study. The report also found 36% of American respondents were more concerned about their online information being stolen than their wallet being stolen (31%).

What could possibly go wrong by reusing passwords? We’ll show you how hackers exploit reused passwords using an simple, effective hacking method–credential stuffing. 

Ashley Madison reaches a proposed settlement for 2015 data breach

Adult dating site Ashley Madison has reached a proposed settlement worth $11.3 million following its 2015 data breach that exposed 37 million user records. Infosecurity Magazine reports that the 2015 data breach exposed usernames, full names, email addresses, passwords, credit card information, street addresses, phone numbers, transaction records, and other personal data. The money will compensate users who claim alleged losses as a result of the breach.

Critical vulnerability in Segway hoverboards can give hackers full control of the device

According to InfoSecurity Magazine, critical vulnerabilities found in Segway Ninebot miniPRO hoverboards can give hackers the ability to remotely control the device. Researchers from IOActive said that an attacker could bypass the hoverboard’s security mechanisms to change its settings, light colors, and its pace and direction.

Security researcher finds critical security flaw on MySpace

If you haven’t deleted your account after last year’s massive data breach, here’s another great excuse to do so. According to Gizmodo, security researcher Leigh-Anne Galloway found a security loophole on Myspace’s account recovery page, which allows anyone with knowledge of the account holder’s full name, email, and birthdate to access the account without validating the user’s email. Myspace responded by completely removing the recovery page.

US Justice Department seized dark web marketplace AlphaBay

Multiple outlets reported the disappearance of the popular dark web marketplace, AlphaBay last week. Now, according to Engadget, the US Justice Department has seized AlphaBay and has brought civil charges against its late operator, Alexandre Cazes, and his wife. Cazes was arrested in Thailand earlier this month but committed suicide while in custody. AlphaBay was a popular platform to buy and sell illegal drugs, chemicals, weapons, counterfeit goods, hacking tools, malware, fraudulent services, and much more.

Data Breach Alert

Dow Jones & Company leaked at least 2.2 million customer records

Security researchers found a semi-public cloud-based repository containing at least 2.2 million Dow Jones publication subscribers available online. Exposed data include names, addresses, account information, email addresses, and the last four digits of credit card numbers. The number of affected subscribers could be as high as 4 million, according to Infosecurity Magazine.

Dashlane News You Shouldn’t Snooze

Dashlane named one of the best productivity apps you can find on the Google Play Store

Blorge.com included Dashlane in its roundup of the best productivity apps you can find in the Google Play Store.

“Today, people have accounted for everything and it can get pretty hard to remember which password goes with what account. Luckily, you don’t have to fill up your memory with such things as the Dashlane Password Manager offers a great platform”.

Dashlane offers its tips on how to protect one’s money while traveling this summer

Dashlane’s Community Manager, Malaika Nicholas (that’s me!) shared tips on how to keep your money and credit cards safe as you travel with Newsday.

“Be discreet ‘When sightseeing, disguise cash, credit cards and valuables in unassuming places. Don’t keep your cash or credit cards in the front pocket of your backpack, in a wallet stashed in your back pocket, or a fanny pack. Instead, keep them in a small baggie, enclosed within another bag, stored at the bottom of your backpack, or carry cash and payment information in a lanyard hidden under your shirt,’ says Malaika Nicholas, community manager for Dashlane, a Manhattan provider of password management and digital wallet service.”

Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.

Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, the Hard Rock, Lowes, and Trump hotels were all affected by a third-party data breach. Find out how much data was affected!