avoidthehack

avoidthehack , 23 days ago to random

361 million stolen accounts leaked on Telegram added to #HIBP

User username and password combos added to Have I Been Pwned database.

Almost half were emails not found in Have I Been Pwned’s database prior.

These credentials were found in various #Telegram channels.

Users should avoid reusing#passwords and avoid using passwords that have been leaked/cracked previously. It is also encouraged to use #mfa - especially for sensitive accounts.

#cybersecurity #security #infosec

https://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp/

avoidthehack , 24 days ago to random

#Google Leak Reveals Thousands of #Privacy Incidents

Most of these have not been publicly reported. According to @404mediaco: "The data obtained by 404 Media includes privacy and #security issues that Google’s own employees reported internally." Goes from 2013 to 2018.

Some of the incidents...

• in 2016, a Google employee reported that Google Street View’s systems were transcribing and storing license plate numbers from photos.
• public exposure of more than one million users’ email addresses from Socratic.org, a company that Google acquired.
• a Google speech service logged all audio, including an estimated 1,000 childrens’ speech data, for around an hour.
• A filter that was supposed to stop childrens’ voices from being collected was not correctly applied.
• When iOS users of Google Drive or Docs set access controls on a file as “Anyone with the link,” Google actually treated it as a “Public” link.

#cybersecurity #infosec

https://www.404media.co/google-leak-reveals-thousands-of-privacy-incidents/

avoidthehack , 29 days ago to random

#PayPal is building an ad network based on your #Venmo data

Quoting: “If you’re someone who’s buying products on the web, we know who is buying the products where, and we can leverage the #data..."

They will collect this data by default - users will have to opt-out.

This will affect both PayPal and Venmo users.

#privacy #privacymatters

https://www.theverge.com/2024/5/28/24166381/paypal-building-ad-network-transaction-data

jerry , 30 days ago to random

I think I’m ready for retirement.

jerry , 1 month ago to random

Time to update all your iThings

avoidthehack , 3 months ago to random

Define surveillance using only 3 emojis.

🧿🧿🧿

avoidthehack , 3 months ago to random

Pluralistic: Your car spies on you and rats you out to insurance companies

They’re also mobile #cybersecurity nightmares…

#privacy #privacymatters

@pluralistic

https://pluralistic.net/2024/03/12/market-failure/#car-wars

avoidthehack , 3 months ago to random

Over 15,000 hacked #Roku accounts sold for 50¢ each to buy #hardware

A credential stuffing campaign has compromised 15k Roku accounts. Credential stuffing is where threat actors take credentials leaked from other unrelated data breaches and try them against other accounts/services.

Compromised accounts were sold and/or attached payment info used to purchase other things.

Stop reusing #passwords and to never reuse any password exposed in any #databreach.

#cybersecurity #security

https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-buy-hardware/

avoidthehack , 4 months ago to random

#Twitter alternative spouts a massive leak

I didn’t even know that “Spoutible” (the Twitter alternative in question) was a thing.

A poorly secured #API allowed scraping of:

• user emails
• IP addresses
• phone numbers
• name
• username
• 🚩hashed passwords
• 🚩2FA codes

PS: pretty much affects their whole user base. Yikes.

#cybersecurity #security #dataleak #spoutible

https://www.theverge.com/2024/2/5/24061997/twitter-alternative-spoutible-vulnerabilty