The Wise and Powerful (Topic starter)

Stolen Passwords
« on: November 13, 2017, 11:13:00 PM »

There are 1.9 billion stolen passwords and usernames available on the black market, and up to 25% of them will still work on a Google account (GOOG, GOOGL)
Kif Leswing
Business Insider | November 13, 2017



There are hundreds of millions of usernames and passwords traded on black markets that can be used to access Google accounts, write Google and Berkeley researchers in a major new paper.

The study, published over the weekend, uses Google's own, carefully controlled internal "proprietary data" as a case-study to see whether the hacked passwords and other accounts traded on hacker forums and the dark web actually work on real accounts.

It turns out, the researchers write, that as many as 25% of exposed passwords from data breaches traded on black market forums could be used to take control of a Google account.



"Through a combination of password re-use across thousands of online services and targeted collection, we estimated 7–25% of stolen passwords in our dataset would enable an attacker to log in to a victim’s Google account and thus take over their online identity due to transitive trust."

There are over 1.9 billion usernames and passwords on "black market" forums, write the researchers.

Basically, what this means is that because lots of people used the same password for their, say, MySpace account and their Google account, when MySpace's database was breached, hackers could simply try all the breached passwords on Google, hoping that some would work.

MySpace isn't the only big site that's seen its database of usernames and associated password data breached.

This problem with password reuse has resulted in some of the most high-profile "hacks" in recent years. For example, Facebook CEO Mark Zuckerberg used the same password — "dadada" — for his Twitter and Pinterest accounts, which were briefly taken over in 2016 by hackers calling themselves the OurMine team.

OurMine, reportedly using stolen passwords, also targeted Google CEO Sundar Pichai, actor Channing Tatum, and Amazon CTO Werner Vogels.

Low-tech cyberweapons



The researchers also looked at the specific pieces of malware used for phishing and for secretly recording what a user types.

Phishing tools are used to include links in fake emails that display websites that look the same as Yahoo, or Hotmail, so unsuspecting users simply type their passwords into the sketchy site. There are 12.4 million potential victims of these kits, write the researchers.

There are also thousands of different "keyloggers," which run on a victim's computer and send information back to an attacker, according to the report. These keyloggers have names like "HawkEye" or "Cyborg Logger."

It turns out, though there are lots of developers selling and distributing this kind of malware, there really haven't been any updates to how the core technology works in years.

"Compared to the capabilities of keyloggers and phishing kits dating back to the mid-2000s, we observe a marked lack of pressure on blackhat developers to evolve their core technologies," the researchers write.

"Phishing kits reported nearly a decade ago still rely on the same PHP skeleton and approach for reporting stolen credentials," it continued.

What you can do



The researchers say there are a few easy steps companies like Google and users can take to protect themselves.

The researchers recommend two-factor authentication, which means that when logging in, a user would need a special security key or to type in a code sent through a text message to gain full access to an account.

The researchers also recommend using a password manager, which creates a new random password for each site — so if one site is breached, then hackers don't have access to your other accounts, especially your email.

Another easy thing to do is to not use an insecure password, especially one of the most commonly used passwords like "123456" or "abc123," especially if you're one of the Americans who are four times more worried about getting hacked than murdered.   

"For all Google users in our dataset, we re-secure all accounts via a forced password reset in the event their real credentials were exposed," the researchers noted.

Companies such as Google should consider encouraging their users to follow these practices too, the researchers write. The whole report is available from Google.

FULL STORY with active links at: https://finance.yahoo.com/news/1-9-billion-stolen-passwords-173207888.html