7 million Dropbox username/password pairs apparently leaked [Updated]

Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin allegedly containing login credentials for hundreds of Dropbox accounts. The poster claims that 6,937,081 account credentials in total have been compromised.

reddit users who tested some of the leaked credentials have confirmed that at least some of them work. Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though thus far passwords for other accounts do not appear to have been reset.

The hackers claim that they will release more username/password pairs if they receive donations to their Bitcoin address.

Read 2 remaining paragraphs | Comments

ThreadFix – Vulnerability Aggregation & Management System

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate...

Read the full post at darknet.org.uk

Developer of hacked Snapchat web app says “Snappening” claims are hoax [Updated]

Posters to 4Chan’s /b/ forum continue to pore over the contents of thousands of images taken by users of the Snapchat messaging service that were recently leaked from a third-party website. Meanwhile, the developer behind that site, SnapSaved.com, used a Facebook post to say it was hacked because of a misconfigured Apache server. The statement also gets into the extent of the breach, while playing down reports that personal information from the users involved was also taken.

“I sincerely apologize on behalf of SnapSaved.com,” the developer’s spokesperson wrote. “We did not wish to cause Snapchat or their users harm, we only wished to provide a unique service.”

SnapSaved’s developer said there was no substance to claims by some 4Chan posters that a searchable database of the images stolen from the service’s server was being developed. “The recent rumors about the snappening are a hoax,” the developer wrote. “The hacker does not have sufficient information to live up to his claims of creating a searchable database.” The developer also said that the service actively “tried to cleanse the database of inappropriate images as often as possible…SnapSaved has always tried to fight child pornography, [and] we have even gone as far as reporting some of our users to the Swedish and Norwegian authorities.”

Read 14 remaining paragraphs | Comments

NSA’s “Core Secrets” suggests agents inside firms in US, abroad

The U.S. National Security Agency has worked with companies to weaken encryption products at the same time it infiltrated firms to gain access to sensitive systems, according to a purportedly leaked classified document outlined in an article on The Intercept.

The document, allegedly leaked by former NSA contractor Edward Snowden, appears to be a highly classified summary intended for a very small group of vetted national security officials according to details included in The Intercept article, which was published this weekend. The document outlines six programs at the core of the NSA's mission, collected under the name Sentry Eagle.

The Intercept claims the document states "The facts contained in [the Sentry Eagle] program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission."

Read 7 remaining paragraphs | Comments