
Friday Five: 6/17 Edition

by Ellen Zhang on Thursday October 13, 2016


It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.

1. Hacker puts 51 million file sharing accounts for sale on dark web by Zack Whittaker

A breach at iMesh is the newest attack on social sharing networks, following in the wake of recent hacks on MySpace, LinkedIn, and Twitter. iMesh, once the third largest music subscription service in the United States, has reportedly been breached. The file sharing site suddenly shut down last month, and this week it appears that private information from 51 million accounts has been put up for sale on the dark web. Experts say that iMesh was first breached in September 2013, leaving millions of active and disabled accounts vulnerable to the whims of cyber criminals. User information was hashed using MD5, which is easy to break and does not provide sufficient security. Read the full article for more info.

2. Password reset: 45 million creds leak from popular .com forums by Darren Pauli

Another large hack this week leaked 45 million credentials from over nine hundred online forums. The breached data includes usernames, passwords, emails, and IP addresses. As in the iMesh hack, most of the stolen passwords were hashed using MD5. However, a significant number of passwords consisted of the same complex codes, suggesting that malware already inhabited the sites. Many were also running outdated communication software that made them vulnerable to attacks. Users with accounts that fall under the umbrella site VerticalScope will have the opportunity to check which credentials have been compromised, for a fee. With this string of hacks, it may be best for people to take some steps to help ensure their passwords are safe moving forward. For more on this latest group of hacks, read the full article.

3. 5 Steps Law Firms Should Take to Protect their Sensitive Data by Mark Stevens

In the past few years, cybercriminals have been targeting law firms for their abundance of client information and sensitive data. There have been many security incidents within this past year alone, including at high-profile law firms such as Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP. The spike in law firm cyber-attacks is highly concerning, but being proactive is the best solution. Steps such as increasing employee security awareness through methods like gamification and implementing Data Loss Prevention will help law firms protect their sensitive data. Read the full article on IPWatchdog.

4. 290,000 US Driver’s License Records Leaked by Liviu Arsene

A hacker going by the name “NSA” has put 290,000 US driver’s license records up for sale on The Real Deal, the same dark web marketplace where another hacker is selling over 100 million LinkedIn accounts. “NSA” breached the databases of several Louisiana organizations that had information on driving violations. Leaked data includes names, dates of birth, driver’s license numbers, addresses, and phone numbers, among other personal details. In terms of price, “NSA” is willing to negotiate with each potential buyer to reach a price they both agree on. For more information on “NSA” and his hack into Louisiana databases, read the full article.

5. GitHub attacker launched massive login campaign using stolen passwords by Sean Gallagher

Using passwords stolen in breaches of other online sites, a hacker has made a massive number of login attempts against GitHub accounts. While the passwords stolen from such sites as MySpace, Twitter and LinkedIn were years old, the hacker was able to access several accounts. Personal information such as listings of accessible repositories and organizations may have been exposed. GitHub is recommending two-factor authentication for its users. Read the full article on Ars Technica.
