Friday Five: 6/17 Edition
It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.
A breach at iMesh is the newest attack on social sharing networks, following in the wake of recent hacks on MySpace, LinkedIn, and Twitter. iMesh, once the third-largest music subscription service in the United States, has reportedly been breached. The file sharing site suddenly shut down last month, and this week it appears that private information from 51 million accounts has been put up for sale on the dark web. Experts say that iMesh was first breached in September 2013, leaving millions of active and disabled accounts vulnerable to the whims of cyber criminals. User information was hashed using MD5, which is easy to break and does not provide sufficient security. Read the full article for more info.
Another large hack this week effectively leaked 45 million credentials from over nine hundred online forums. The breached data includes usernames, passwords, emails, and IP addresses. As in the iMesh hack, most of the stolen passwords were hashed using MD5. However, a significant number of passwords consisted of the same complex codes, suggesting that malware already inhabited the sites. Many were also running outdated communication software that made them vulnerable to attacks. Users with accounts that fall under the umbrella site VerticalScope will have the opportunity to check which credentials have been compromised, for a fee. With this string of hacks, it may be best for people to take some steps to help ensure their passwords are safe moving forward. For more on this latest group of hacks, read the full article.
In the past few years, cybercriminals have been targeting law firms for their abundance of client information and sensitive data. There have been many security incidents within this past year alone, including at high-profile law firms such as Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP. The spike in law firm cyber-attacks is highly concerning, but being proactive is the best solution. Steps such as increasing employee security awareness through methods like gamification and implementing Data Loss Prevention will help law firms protect their sensitive data. Read the full article on IPWatchdog.
A hacker going by the name “NSA” has put 290,000 US driver’s license records up for sale on The Real Deal, the same Dark Web marketplace where another hacker is selling over 100 million LinkedIn accounts. “NSA” breached the databases of several Louisiana organizations that had information on driving violations. Leaked data includes names, dates of birth, driver’s license numbers, addresses, and phone numbers, among other personal details. In terms of price, “NSA” is willing to negotiate with each potential buyer to reach a price they both agree on. For more information on “NSA” and his hack into Louisiana databases, read the full article.
A hacker has used passwords taken in breaches of other online sites to make a massive number of login attempts against GitHub accounts. While the passwords stolen from such sites as MySpace, Twitter and LinkedIn were years old, the hacker was able to access several accounts. Personal information such as listings of accessible repositories and organizations may have been exposed. GitHub is recommending two-factor authentication for its users. Read the full article on Ars Technica.