Category: Data Breaches

Oct 19 2016

LinkedIn says hacking suspect is tied to breach that stole 117M passwords

Enlarge (credit: Klaus with K)

An alleged Russian hacker arrested in the Czech Republic following an FBI-coordinated tip-off is suspected of taking part in a 2012 breach of LinkedIn that resulted in the theft of more than 117 million user passwords, representatives of the professional networking site said Wednesday.

"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," company officials said in a statement. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."

Word of the arrest came on Tuesday evening in a brief statement issued by Czech Republic officials. It said an unnamed man was arrested in Prague on suspicion of committing unspecified hacks on targets located in the US. The raid was carried out in collaboration with the FBI. According to The New York Times, the suspect was captured on October 5, about 12 hours after authorities learned he was in the country. His arrest was kept a secret until Tuesday "for tactical reasons," the paper reported.

Read 5 remaining paragraphs | Comments

Oct 19 2016

LinkedIn says hacking suspect is tied to breach that stole 117M passwords

Enlarge (credit: Klaus with K)

An alleged Russian hacker arrested in the Czech Republic following an FBI-coordinated tip-off is suspected of taking part in a 2012 breach of LinkedIn that resulted in the theft of more than 117 million user passwords, representatives of the professional networking site said Wednesday.

"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," company officials said in a statement. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."

Word of the arrest came on Tuesday evening in a brief statement issued by Czech Republic officials. It said an unnamed man was arrested in Prague on suspicion of committing unspecified hacks on targets located in the US. The raid was carried out in collaboration with the FBI. According to The New York Times, the suspect was captured on October 5, about 12 hours after authorities learned he was in the country. His arrest was kept a secret until Tuesday "for tactical reasons," the paper reported.

Read 5 remaining paragraphs | Comments

Jul 11 2016

Now it’s easy to see if leaked passwords work on other sites

(credit: Wikimedia)

Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other popular sites.

Shard, as the command-line tool has been dubbed, is designed to allow end users to test if a password they use for one site is also used on Facebook, LinkedIn, Reddit, Twitter, or Instagram, its creator, Philip O'Keefe, told Ars. The security researcher said he developed the tool after discovering that the randomly generated eight-character password protecting several of his accounts was among the more than 177 million LinkedIn passwords that were leaked in May.

"I used that password as a general password for many services," he wrote in an e-mail. "It was a pain to remember which sites it was shared and to change them all. I use a password manager now."

Read 4 remaining paragraphs | Comments

Jun 09 2016

Be wary of claims that 32 million Twitter passwords are circulating online

(credit: Matthew Keys)

The jury is still out, but at this early stage, there's good reason to doubt the legitimacy of claims that more than 32 million Twitter passwords are circulating online.

The purported dump went live on Wednesday night on LeakedSource, a site that bills itself as a breach notification service. The post claimed that the 32.88 million Twitter credentials contain plaintext passwords and that of the 15 records LeakedSource members checked, all 15 were found to be valid. Twitter Trust and Info Security Officer Michael Coates has said his team investigated the list, and he remains "confident that our systems have not been breached."

Lending credibility to Coates's claim, Twitter has long used the bcrypt hash function to store hashes. Bcrypt hashes are so slow and computationally costly to crack that it would have required infeasible amounts of time and effort for anyone to decipher the underlying plaintext. As of press time, there were no reports of a mass reset of Twitter users' passwords, either.

Read 3 remaining paragraphs | Comments