Welcome to The Dashlane Tech Check for May 19, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.
Given the unusually high number of data breaches this week, we’ve decided to switch things up a bit and begin with breach alerts. To check if your accounts have been compromised in any of these breaches, click here.
560 million credentials have been leaked online
Multiple outlets are reporting that a massive database of more than 560 million login credentials–including 243.6 million unique email addresses–has been leaked online. According to Lifehacker, researchers at Kromtech Security Research Center originally discovered the leak, but the source of the breach is currently unknown. In addition, according to CNET, the database is composed of credentials from past data breaches at Yahoo, LinkedIn, MySpace, Tumblr, Dropbox, and more.
17 million Zomato accounts compromised in data breach
17 million customer accounts have been stolen from Zomato, India’s biggest food discovery and delivery platform, and put for sale on the dark web for $1,000. According to the Huffington Post, the compromised data includes user email addresses and encrypted passwords. The company says that attackers will not be able to exploit the encrypted passwords, but still encouraged users to update them as a precaution. Zomato also claims that there has been no evidence that any “systems or products” have been accessed or misused, and no financial or payment information was compromised in the breach.
Bell Canada admits a hacker compromised almost 2 Million customer accounts
Bell Canada admits that a hacker has accessed the personal data of approximately 1.9 million customers. InfoSecurity Magazine is reporting that customer emails, names, and telephone numbers were compromised in the breach, but claims no passwords, financial, or any other sensitive personal information was accessed. On the bright side, InfoSecurity Magazine is also reporting that the hacker was “apparently only able to access around 1700 names and active phone numbers.” However, the hacker did manage to publish some of the data after Bell allegedly did not pay a ransom.
Thousands of health records compromised in a data breach at a Coney Island hospital
Crain’s New York is reporting a data breach at a Coney Island hospital, which is affecting almost 3,5000 patients. The data breach is the result of a phlebotomy department volunteer at NYC Health + Hospitals Coney Island illegally accessed patients’ names, medical record numbers, and dates of birth. Hospital chief executive Anthony Rajkumar said in a letter that the volunteer was not properly vetted by the hospital’s HR department.
Data breach at DocuSign led to spam campaigns, says company
On Tuesday, e-signature company DocuSign admitted that a hacker who gained access to customer email addresses is the source of a massive spam campaign. In a statement published in Bleeping Computer, the company says the hacker “gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.” As a result, customers received emails that were made to look like they were from DocuSign. The company also says that only email addresses were accessed, but “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents, and data remain secure.”
Muslim dating site informs users of apparent data breach
The Muslim dating site PureMatrimony.com informed it’s users of an apparent data breach and asked users to reset their passwords, according to Motherboard. Motherboard obtained a list of 120,000 hashed passwords that some users on a password cracking forum have already decrypted. The data breach did not compromise any other account information, such as email addresses or usernames.
United Airlines cockpit codes leaked by mistake
More bad news for United Airlines. According to ZDNet, the airline’s confidential codes used to access airplane cockpits was “inadvertently made public.” The error was caused by a flight attendant who posted the info online. “The safety of our customers and crew is our top priority and United Airlines utilizes a number of measures to keep our flight decks secure beyond door access information,” United said in a statement. “In the interim, this protocol ensures our cockpits remain secure. We are working to resolve this.”
What in the (Security) World?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Ongoing Global WannaCry ransomware attack
Since Friday, news outlets around the world have covered the ongoing WannaCry ransomware attack that has spread to at least 150 countries. To date, we still do not know who is behind the attack. In addition, Mashable is reporting that the WannaCry attackers have made a little over $80,000 thus far.
For more information about the WannaCry ransomware attack, see our recent blog post about ransomware and what you can do to protect yourself and your company.
“Any Half-Decent Hacker Could Break Into Mar-a-Lago”
Investigative reporters from ProPublica and Gizmodo tested the internet security at four of President Trump’s properties and their findings were less than stellar. In sum, the reporters visited two family-run retreats, the Trump International Hotel in Washington, D.C., and his golf club in Sterling, Virginia. During their investigation, they found “weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.”
The FCC strikes down net neutrality with vote against Title II rules
The Federal Communications Commission has voted to begin rolling back Obama-era regulations on Internet service providers (ISPs). In a 2-1 vote, NPR reports that the FCC’s Republicans voted along party lines to loosen net neutrality regulations. As NPR notes, this follows the FCC’s latest proposal to both reconsider “the legal approach that enforced those rules, but also whether the rules were warranted in the first place.”
Russian hackers sent Pentagon workers malware-laced Twitter messages
Russian hackers are trying a creative, new technique to trick U.S. targets. According to The Verge, agents of the Russian government sent malware-laced Twitter messages to more than 10,000 Department of Justice employees. If clicked, the malware would allow Russian agents to take control of the victim’s phone or computer, and their Twitter account.
Chelsea Manning released from prison 28 years early
Multiple outlets reported that transgendered former U.S. Army intelligence analyst Chelsea Manning was released from a military detention facility on Wednesday. Former President Obama commuted her 35-year sentence in January. According to InfoSecurity Magazine, Manning was charged with communicating national defense information to an unauthorized source and additional charges after stealing and distributing 750,000 pages of government documents and videos to WikiLeaks.
Dashlane News You Shouldn’t Snooze
Dashlane CEO Appears on Cheddar to discuss online password safety
Dashlane CEO Emmanuel Schalit was interviewed on Cheddar: Opening Bell last week to discuss password overload and password security. Click the image below to see the full video (interview begin around the 1 hour 50 minute mark).
Dashlane study cited in Shape Magazine article: “Here Are All the Things Women Would Supposedly Give Up Sex For”
Shape Magazine cited a 2016 Dashlane’s Harris Poll study on what people would forgo in order to keep their digital lives protected. The article cited our study, which found 44 percent of women would give up sex to avoid hacking, identity theft, or account breaching.
Protect yourself from cyber attacks by improving your passwords using Dashlane
Dashlane was cited in a CNET article about ways consumers can protect themselves in light of the massive WannaCry ransomware attack. CNet says the “only effective way” to secure your passwords is by using a password manager, like Dashlane.
This Week’s Lifehack to Improve Your Security
Still have questions about WannaCry, ransomware, and how to protect your devices? We got your covered. We break down everything you need to know about this week’s massive cyberattack, how ransomware works, and tips to keep your personal and work devices protected from ransomware attacks in the future.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.