Welcome to The Dashlane Tech Check for September 1, 2017! I’ll help you catch up on Dashlane news and the biggest headlines in the tech and information security industry. And, I’ll include a useful life hack that will keep your personal and work-related data secure all year long.
Data Breach Center
711 Million email addresses and millions of passwords were leaked from a Spambot server. Have you been pwned? Here’s how to find out.
Approximately 711 million email addresses and millions of passwords have been leaked from the spambot server, dubbed “Onliner Spambot”, making this one of the largest data breaches ever. To get a sense of its magnitude, security expert Troy Hunt said this breach is the equivalent of “almost one address for every single man, woman, and child in all of Europe.”
According to Hacker News, a security researcher by the Twitter name Benkow discovered the data on an “open and accessible” server that was used to send out spam containing a credit card and credential-stealing trojan virus since 2016. However, there is very little information about who is behind the Spambot or how they compiled their database.
What we do know is that not all of the email addresses and some passwords link to real accounts–some were scraped from other data breaches at LinkedIn, Myspace, and Dropbox to name a few, others appear to have been guessed, and about 2 million were from a Facebook phishing campaign. Millions of passwords are also included in the data breach, and appear to be collected from other data leaks at LinkedIn, Exploit.In, and other existing databases of stolen passwords.
If you’re worried about your data being compromised in this data breach, follow these three tips:
- Check for your email address on the Have I Been Pwned site.
- If your email address is listed as part of this data breach, change the password for your email account immediately. We have some tips on how to make a strong password here. If you reuse your password across multiple accounts, create new, unique passwords for every single one of your accounts.
- Enable two-factor authentication on your email account. Here’s how to turn on 2FA for Yahoo, Gmail, Outlook, AOL, and other providers.
CeX data breach leaked data of 2 million gamers
The gaming marketplace CeX experienced a data breach potentially affecting 2 million of its customers. According to a statement from CeX, personal information, including first names, last names, street addresses, and phone numbers, was compromised. In a few cases, encrypted data from expired credit and debit cards may also have been exposed. It’s currently unclear how the company’s site was breached, but CeX is advising affected customers to update their passwords, especially if they reuse them on multiple sites.
Zazzle denies hack, but resets thousands of user passwords due to brute-force attempts
Online marketplace Zazzle warned customers that their accounts may have been compromised–although the company claims it has not been hacked. According to ZDNet, thousands of accounts may have been breached in June when hackers used brute-force attacks and credentials stolen in data breaches at one or more other websites to access accounts. In response, Zazzle has reset users’ passwords and added a CAPTCHA on its login page.
Essential phone founder apologizes for “humiliating” data leak
Essential’s founder and CEO Andy Rubin apologized for what he called a “humiliating” data breach in which personal information for approximately 70 customers was shared with other customers. According to The Verge, customers were asked to send personal information over email to satisfy shipping confirmation requirements. Rubin apologized for the error and offered one year of LifeLock to affected customers.
What in the (Security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Instagram hack exposes phone numbers and email addresses of celebrities
Instagram has notified verified members that “one or more” hackers compromised some private information of high-profile stars. BBC News reports that a bug in the app’s API is to blame. No passwords were stolen, but the company advised users to watch out for suspicious account activity.
Selena Gomez’s Instagram account was hacked; hackers share pictures of nude Justin Bieber
Singer Selena Gomez’s Instagram account was taken over by a hacker on Monday, who then shared multiple nude pictures of Gomez’s ex-boyfriend Justin Bieber. According to Complex News, the nude photos were taken by paparazzi during Bieber’s Bora Bora vacation in 2015. Gomez has yet to comment on the incident.
8 members of President Trump’s cybersecurity advisory council have resigned
8 members of the National Infrastructure Advisory Council, a group responsible for crafting the US’s response to cyber threats, have resigned. According to Business Insider, the advisors sent a joint letter outlining several reasons for their resignation, including Trump’s controversial response to the violence in Charlottesville, his withdrawal from the Paris climate deal, and “insufficient attention” to cyber threats targeting American infrastructure, like our election systems.
WikiLeaks’ website was temporarily taken over by OurMine
The hacking group OurMine–notorious for hacking Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, and Google CEO Sundar Pichai–defaced WikiLeaks’ website. The Hacker News believes the group launched a DNS poisoning attack. WikiLeaks has since regained access to their DNS server.
The State of Enterprise Security
Insider threats account for almost 75 percent of security incidents
According to new research from Ipswitch, nearly 75 percent of security breach incidents were the result of an insider threat. These findings are far from surprising. A survey of Black Hat conference attendees found that 84 percent of cyber attacks were the result of some sort of human error, including using guessable passwords, failing to patch software, and leaving physical devices unattended.
This Week’s Lifehack to Improve Your Security
This week, we announced that we’re collaborating with Intel to bring built-in Universal Second Factor (U2F) support to Dashlane’s password manager for Windows systems featuring the new 8th Generation Intel® Core™ Processors.
But what is U2F and how does it differ from 2FA? Is it more secure? This week, we’re sharing this video from Duo Security, which explains what U2F is and how it keeps your data secure.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check!