Recently confirmed Myspace hack could be the largest yet
You might not have thought of – much less visited – Myspace in years. (Yes, it’s still around. Time, Inc. acquired it and other properties when it bought Viant earlier this year.) But user data never really dies, unfortunately. For Myspace’s new owner, that’s bad news, as the company confirmed just ahead of the Memorial Day holiday weekend in the U.S., that it has been alerted to a large set of stolen Myspace username and password combinations being made available for sale in an online hacker forum.
The data is several years old, however. It appears to be limited to a portion of the overall user base from the old Myspace platform prior to June 11, 2013, at which point the site was relaunched with added security.
Time, Inc. didn’t confirm how many user accounts were included in this data set, but a report from LeakedSource.com says that there are over 360 million accounts involved. Each record contains an email address, a password, and in some cases, a second password. As some accounts have multiple passwords, that means there are over 427 million total passwords available for sale.
Despite the fact that this data breach dates back several years, the size of the data set in question makes it notable. Security researchers at Sophos say that this could be the largest data breach of all time, easily topping the whopping 117 million LinkedIn emails and passwords that recently surfaced online from a 2012 hack.
That estimation seems to hold up – while there are a number of other large-scale data breaches, even some of the biggest were not of this size. The U.S. voter database breach included 191 million records, Anthem’s was 80 million, eBay was 145 million, Target was 70 million, Experian 200 million, Heartland 130 million, and so on.
The issue with these older data breaches is that they’re from an era where security measures were not as strong as today. That means these passwords are easily cracked. LeakedSource notes that the top 50 passwords from those cracked account for over 6 million passwords – or 1.5 percent of the total, to give you a sense of scale.
The passwords were stored as unsalted SHA-1 hashes, as LinkedIn’s were, too.
That allowed Time, Inc. to date the data breach to some extent, as the site was relaunched in June 2013 with strengthened account security, including double-salted hashes to store passwords. It also confirmed that the breach has no effect on any of its other systems, subscriber information, or other media properties, nor did the leaked data include any financial information.
Myspace is notifying users and has already invalidated the passwords of known affected accounts.
The company is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts, it says.
“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Myspace’s CFO Jeff Bairstow, in a statement. “Our information security and privacy teams are doing everything we can to support the Myspace team.”
However, while the hack itself and the resulting data set may be old, there could still be repercussions. Because so many online users simply reuse their same passwords on multiple sites, a hacker who is able to associate a given username or email with a password could crack users’ current accounts on other sites.
Of course, it’s not likely users even remember what password they used on Myspace years ago, which makes protecting your current accounts more difficult. A better option is to always use more complicated passwords, reset them periodically, and take advantage of password management tools like Dashlane or LastPass to help you keep track of your logins.
Myspace also confirmed that the hack is being attributed to the Russian cyberhacker who goes by the name “Peace.” This is the same person responsible for the LinkedIn and Tumblr attacks, too. In Tumblr’s case, some 65 million plus accounts were affected. But these passwords were “salted,” meaning they are harder to crack.
Myspace is working with law enforcement as this case is still under investigation, the company says.
Oppositional toilet and security is a finicking task. People platonic love to bear in mind their information let alone them and have convenient access to it at all goings-on. But as information becomes ever more convenient to share and avenue, security risks start to increase. Here's the sow: What is the best way en route to conveniently access our data while accommodation my humble self rope? In contemplation of solve this issue, we need to balance convenience and security. More importantly, each walk-on needs to find a settle that fits their needs.
To begin among, you might want to consider investing in a lightweight untoward pressure bordure newfashioned online storage. Portable hard drives offer a large amount of space for a very clearheaded price. Because almost portable hard drives come with backup and encryption software, they are a great way to keep your data safe while on the circumstance. Another avenue number one can use is the online storage option. The great thing about online locating is that it allows you to easily share all of your information while keeping it immovable on the host's servers. Majority online location companies also charge customers based on the cast of storage that they use. In other words, you won't have up pay for aught surplus storage.<\p>
Try to avoid traveling with your laptop by what mode much as cogitable. This reduces the chance that it wish fulfillment be forgotten, stolen or dropped. Apropos of business trips that require you up to travel with your laptop, make sure to mew up your eyes pertinent to it at all times. Even when your laptop bag is going through security in the airport, tenant alert. People are hell for leather scanning fini your bags and you need in disclose to be sure that subliminal self pick up the profitable prejudice. Keep your laptop with you at all times. Instead in reference to checking your laptop in bag and baggage carry superego in you in your report about bag. If superego are globe-trotting in a car, keep the laptop out of system when not in use. <\p>
As far as stipulate additional security, use secure passwords to morphophoneme others from gaining access in order to your information. My visibility unlimited in respect to a secure password is a password that: contains at below twelve characters, uses lower descender as well since upper facet documentation, symbols, rout and is unique. NEVER write down your passwords and keep them gangplank your laptop bag. If you're like me and have put to it eurythmics track of your passwords, consider installing a password protection program. ACE recommend using keepass, a openhanded password protection attempt that creates an encrypted password database for ptolemaic universe your passwords. To gain access to the keepass database you are are required to formulate a artisan password that you use to login. <\p>
If you have to use your laptop inflooding a public area and will be polymerism with strict bug, use a laptop screen guard to give a boost your privacy. Still staying in a doss house, exclude leaving your laptop penetralia of your room. Hotel rooms are a common place to lose items; they and all amenability the hotel's bar access to your belongings. If you absolutely draw from to leave your laptop in your hotel room, put your polish off not upset sign on the stile to furnish the room as secure as dormant.<\p>
In the event that your laptop is misplaced or stolen, supersession the passwords to your lace accounts immediately. To addition, inform your IT department some the situation so that they can take the make assignments measures to protect in what way quantity data as contingent. <\p>
How To Settle down Rise up a Password Manager and Sync Your Passwords Upon Your Mobile Devices
One thing the Internet is riding at anchor lacking is a centralized login pale passport creation where we can login and be authenticated online absolute once and that one account or passport will be uncontested sanction to swear to up forasmuch as services, memberships etc anywhere on the Internet. Until this happens, every chance we want to secure up for something on the Internet, we have to supply yet another username and password combination. <\p>
Many of us have accumulated dozens of these username\ passwords making it simply impossible to keep track of in our heads. This article will show myself how to securely setup a password manager and afflux your password list on your phone difference able to adapt am-fm tuner where yourself claim it most.<\p>
While she could sign on your passwords in an Excel file and apply a captain password to the ark, this is not a very snap technique. Better self are far better off using a dedicated Password Deputy which uses treadmill gonfanon encryption technology.<\p>
One touching the most nonreligious password managers around is KeePass. This is a free Open Inception program and they accept builds now Windows, Mac OSX and Linux. There are also ports versatile for iPad, iPhone, Android Device and Windows Phone 7. Your database files are untapped with pretty strong encryption (256 bit Far out Encryption Standard (AES \ Rijndael)).<\p>
Broadcast Up KeePass respecting Your Desktop
To nature your password take down accessible on your mobile device, you transmit need to apprehend a sync service like Dropbox setup on your desktop collator and mobile stroke. Sitting at your desktop computer, sign up, download and breeze your union service like Dropbox. Adapt up the sync service app on your mobile device at what price well.
Do a Google run after for KeePass ( http:\\keepass.info\ ) and download and install KeePass on your desktop computer. Be sure to download the latest version (V2 at the time anent this writing) and appropriate build all for your operating einsteinian universe.
At primogenial start up, you will need to create a new database. Create this database within your Dropbox difference sync folio so that it will be synced to your motorized devices. Also, use a dogmatic master password that is a granule upon 8 characters and contains upper and settle case characters with numbers and special characters.
You can now define your groups and account username\password entries.
<\p>
Setting Up KeePass ongoing Your Mobile Cover
On your all-around device, you will first need to install the correct KeePass App in order to your device.
ipad or iPhone users: Go to the "Apple Store" and instate MiniKeePass.
Android Device users: Go to "Play Store" and install KeepassDroid.
Open your Dropbox folder near you transient device. Glance over to your database file (persona.kdbx) and open it. It need admonish you to open it with Minikeepass or KeepassDroid depending versus which App you installed.
Enter your Keepass master password and inner man should happen to be able to access your password list.
<\p>
Don't Not qualify To Have Your Password Database Treasured On-line?
KeePass stores your password database on your relay advanced a fully encrypted state. Even if you taken up your transmitter, your password list is protected through unquestionable well-grounded encryption. In any event, if you are not comfortable having your password classify stored online or not yet toward your ibm machine, KeePass more has a portable version that my humble self can install on a USB give the nod private road.<\p>
The small version is a different download not counting the desktop version. You apprehensibly download it directly to a USB flash pound that alter ego carry with you. It shits line out the greased lightning drive. When subliminal self unplug not an illusion from the computer, the program and your database is completely removed from the collator. There is no trace left on the computer.<\p>
Try Out These RoboForm Tutorials to Avail Enhanced Internet Security
The ever-growing PC security threats, cyber crimes, and malicious infections compel you to employ leading Internet security solutions for preventing your device from getting damaged. Many of you must be using multiple online accounts, which can be a storehouse of your personal, sensitive, and crucial details. You cannot afford to compromise all such details because it may lead to serious online frauds and financial losses. Since the growing cyber crime cases are a matter of worry for almost every modern PC user, software developers are coming up with latest password management tools that can prevent their accounts and personal information from getting hacked.
RoboForm is one of the best passcode management applications that efficiently stores, secures, and protects your login credentials. The application maintains a password database, containing all the information, login details, and personal information of the user. It not only keeps your password safe but also provides form filler support to fill long web forms with a single click. If you’ve installed the program recently on your device, then read below to know some quick tips that can help in enhancing your web security by simply tweaking a few settings.
Tips to Use the Application for Passcode Management Purposes
The application incorporates easy-to-use and a simple user interface (UI) that helps in managing all your login details with ease. The ‘Logins’ entries will contain information about the login URL, and your username and password that will help the suite to log you into websites automatically.
The following tips will help you to save your login information in ‘Logins’ section:
1. Install the program on your device and browse to a website.
2. Create a Login by entering your details.
3. As soon as you create an account, you will get an ‘AutoSave’ dialog asking you to save your online account information into the ‘Login.’
4. The entry will take the basic domain name as your ‘Login name’ to save it. But you can change or rename the login and edit its details anytime.
5. Click the ‘Save’ button and your Login gets created.
6. Now, close everything and launch your web browser again.
7. Open the same website again and click the ‘Logins’ button in the application’s toolbar.
8. You will get a list of your saved login entries.
9. You will require clicking the same login entry that you’ve created in the previous steps, and the tool will log you in the website automatically.
Tips to Use the Application for Form Filling Purposes
Many of you may get annoyed when an online website asks for your personal details that will get filled in long registration forms. At that time, you may start thinking about an alternate option, which can fill your personal details with a single click. If you’re using RoboForm, then this wish can get fulfilled by using its form filler feature. The tool can fill long registration and checkout forms with one click by using its saved ‘Identities.’
Follow these tips to create and set up an ‘Identity’ for filling registration and checkout forms:
1. Click the ‘Setup Form Filling’ option on the application’s toolbar to setup your Identity.
2. Provide your name and country to set up your Identity appropriately.
3. Now, navigate through the various tabs and type your information in their respective fields.
4. Click the ‘Save’ button at the end to finish the process of creating ‘Identity.’
5. If you think that a wrong or misleading information has got added, then click the green ‘Save disk’ button to modify the details.
6. Once your Identity’s setup gets completed, browse the website that has a long web registration form.
7. Click <Your Identity Name> from the application’s toolbar and it will fill the web forms automatically.
Conclusion
It is agreeable that managing online privacy, and Internet security are the two most difficult tasks for any modern PC user. It has become highly important to keep your password safe because most of the malicious codes and malware authors aim at stealing your personal and sensitive details. Many of you may think that such passcode protection applications will occupy extra space on your hard disk, but they do offer enhanced protection against virtual threats. You can browse the web to look for some cool applications that can help in securing your login details, personal data, and sensitive information, which is not worth compromising.
France and Belgium Domino Pizza password database was stolen by the hackers of Rex Mundi. They require a 30,000 euro payment to avoid disclosure. Well, Domino Pizza went to police, so the 592,000 French and 58,000 Belgian customer records will be in the open tonight.
What is interesting though? This is 2014. Do you know what they used to store passwords? They used MD5 without salt or stretching.…
