Home Tags Credentials

Tag: credentials

O2 Customer Data Sold on Darknet by Criminals

O2 Customers Data Sold on Darknet

Cyber criminals has collected customer data  of aleading digital communications company O2 and sold them on the dark net.According to the Victoria Derbyshire programme the sold information was out.O2  has reported about the theft to the police, and the inquiry is on process.

Three years ago, an attempt was made to log onto to O2 accounts by using username and password stolen from gaming website XSplit. Once if the login details matched the criminals can access O2 customer data where the process is known as “Credential stuffing”.

O2 has reported the case to the law of enforcement and sought help to inquire. It is a technique used to enter into other company’s accounts too.

Hacker selling 32 Million leaked Twitter accounts on the dark web

The news website says “Nothing is fool proof” as the whole data is for sale which includes user phone numbers, emails, passwords and date of births. Darknet is only visible to people using specialist web browsers. It is used for illegal activity.

Credential stuffing is an attack used to breach username or password to fraudulent to gain access to the user account which is a subset of brute force.  Please see the following fig.

Credential Stuffing

Hasnain Shaw, from Chester, was one of the people whose details we obtained. His data had already been used elsewhere to access more accounts.

“I was away from home when eBay contacted me to say there was some suspicious activity on my account. I checked, and it looked like there were cars for sale on my account.

Facebook Messenger to get “secret conversations” encryption tool later this summer

“Four weeks ago, I got a similar email from Gumtree. It looked like the same people had got access to that account because it was the same cars being advertised.”

He said he had used the same email address and password for both these accounts and the one with O2 but has since changed them. Before this happened, he had considered himself secure online and internet-savvy.

“I am considering using a password manager and two-step authentication, although nothing is foolproof,” he added.

O2 said in a statement: “Credential stuffing is a challenge for many businesses. We have reported all the details passed to us about the seller to law enforcement, and we continue to help with their investigations.

“We act immediately if we are given evidence of personal credentials being taken from the internet and used to try and compromise a customer’s account.”

Sourcehttp://www.bbc.com/news/technology

LinkedIn Confirms 2012 Hack Revealed 117 Million Users’ Credentials

Linkedin

Way back in 2012 LinkedIn experienced a huge data breach in which it was thought that 6.5 million user credentials were exposed, but now LinkedIn on Wednesday said that this hack expands to expose 117 million user email IDs and passwords. The Russian hacker who goes with the name “Peace” told Motherboard that the data was stolen during the LinkedIn data breach of 2012. And now he has put all the user information for sale on an illegal dark web market place.

“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” wrote Cory Scott LinkedIn’s chief-security officer, in a post on the company’s blog. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.” Hani Durzy, LinkedIn spokesman said the company has obtained a copy of the 117 million record data base, and that LinkedIn believes it to be real.

Instagram Hacked by a 10-year-old rewarded with $10000 by Facebook

According to the Motherboard, the data is being sold for 5 bitcoin i.e., around $2,200. LinkedIn after 2012 hack did not clarify how many users were affected by the breach. But it reset the passwords of 6.5 million users and advised users to change their credentials. LinkedIn at the time did not suspect the Email ID’s had been stolen.

Now, the paid hacked data search engine Leakedsource claims that it has acquired all the data. Peace and other Leakedsource person said that they have 167 million accounts in the hacked data and 117 million have both Email and encrypted passwords.

Russian Hacker trading Millions of email credentials for just $0.75

Scott suggests users to use two-factor authentication and strong passwords. Cyber security experts say that such data breach news should serve as a reminder to reset passwords frequently. LinkedIn says that it has increased the security measures over the years but to be safe LinkedIn suggests all the users to change the credentials even if you have not received any email suggesting the change.

Exhaustive Mexican Voters Database 93.4M records exposed Online