HackDig : Dig high-quality web security articles for hackers

Spotify resets some user logins after hacker database found floating online

A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So what’s Spotify doing leaving its user data hanging around on an unsecured database? Answer: It’s not.
Publish At:2020-11-25 13:36 | Read:116 | Comments:0 | Tags:Reports 2fa credential stuffing database Elasticsearch mfa P

Credential stuffing attack targeted 300K+ Spotify users

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million r
Publish At:2020-11-24 07:54 | Read:95 | Comments:0 | Tags:Breaking News Hacking credential stuffing hacking news infor

SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.“This cyberattack involves using stolen credentials to log into web-based
Publish At:2020-11-16 00:37 | Read:130 | Comments:0 | Tags:Cyber Security Featured Articles credential stuffing Cyberat

The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack.The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.
Publish At:2020-11-13 10:13 | Read:182 | Comments:0 | Tags:Featured Articles IT Security and Data Protection credential

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That’s because an open port can be subject to brute force attacks. What are brute force attacks? A brute force attack is w
Publish At:2020-10-20 11:47 | Read:286 | Comments:0 | Tags:Exploits and vulnerabilities Web threats 2fa attacks brute f

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

Malicious actors launched credential stuffing attacks that targeted Canada’s GCKey service and Canada Revenue Agency (CRA) accounts.On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing attacks.Those campaigns had compromised the credentials of
Publish At:2020-08-17 09:37 | Read:405 | Comments:0 | Tags:IT Security and Data Protection Latest Security News CRA cre

The skinny on the Instacart breach

The COVID-19 outbreak has affected many facets of our lives—from how we visit our families, socialize with friends, meet with colleagues, to how we should be conducting ourselves outside of our homes. Ideally, a few meters apart from everyone else and with a mask on. These—on top of imposed lockdowns—have pushed most people to stay indoors, pushing them t
Publish At:2020-08-11 13:11 | Read:330 | Comments:0 | Tags:Hacking credential stuffing Instacart bad security Instacart

15 billion credentials available in the cybercrime marketplaces

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing webs
Publish At:2020-07-09 10:21 | Read:574 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Deep Web Hacking ATO B

500,000+ Zoom accounts available for sale on the Dark Web

Zoom accounts are flooding the dark web, over 500 hundred thousand Zoom accounts are being sold on hacker forums. Over 500 hundred thousand Zoom accounts are available for sale on the dark web and hacker forums. Sellers are advertising them for .0020 cents each, in some cases they are offered for free. The huge trove of account credentials was not stol
Publish At:2020-04-13 18:25 | Read:1264 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Deep Web credential st

Thousands Zoom credentials available on a Dark Web forum

Security researchers discovered an archive available on a dark web forum that includes thousands of compromised Zoom credentials. Researchers discovered a database available on an underground forum in the dark web that contained more than 2,300 compromised Zoom credentials. Some of the records also included meeting IDs, names and host keys. The arch
Publish At:2020-04-12 11:39 | Read:1909 | Comments:0 | Tags:Breaking News Deep Web Hacking Security credential stuffing

Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach. 
Publish At:2020-03-31 04:51 | Read:993 | Comments:0 | Tags:Breaking News Security credential stuffing data breach Hacki

Boots yanks loyalty card payouts after 150K accounts get stuffed

byLisa VaasBoots, a UK pharmacy chain, has suspended payments on the loyalty cards of 14.4 million active customers after its security team spotted “unusual” activity on a number of Boots Advantage Card accounts.It wasn’t hacked, the company said in a statement, and this isn’t what you’d classify as a breach. Intruders didn’t get into
Publish At:2020-03-06 08:12 | Read:966 | Comments:0 | Tags:2-factor Authentication Security threats 2FA Advantage Card

Ring makes 2FA mandatory to keep hackers out of your doorbell account

byLisa VaasLeery of losing microseconds of your life by using two-factor authentication (2FA) to keep your stuff safe from hackers?Alas for you, but hurray for security. Bit by bit, the Internet of Things (IoT) is getting a wee bit more secure: last week, Google announced that it would soon begin forcing users of its Nest gadgets to use 2FA, and this week, s
Publish At:2020-02-20 07:51 | Read:1153 | Comments:0 | Tags:2-factor Authentication Amazon IoT Security threats 2FA cred

6 ways hackers are targeting retail businesses

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they’ve lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience retail hacking. Cybercriminals must often work harder to
Publish At:2020-01-08 16:50 | Read:1065 | Comments:0 | Tags:Web threats credential stuffing EMV technology Magecart near

Tools