Well now, this is disturbing -- it's being reported that a Russian crime ring is in possession of around 1.2 billion stolen Internet credentials, which is the biggest collection of its kind. That includes user names and password combinations, along with more than 500 million email addresses collected from 420,000 websites. With that in mind, now might be a good time to change up your passwords for your more important accounts.
Hackers stole customer data from Kickstarter's database
Kickstarter's rising popularity has apparently made it a target for hackers, some of whom recently weaseled their way into the crowdfunding site's database and made off with some sensitive information. Some usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords were compromised in the data breach, though Kickstarter says no credit card data was accessed.
If you're one of the approximately 1.8 million registered users at Canonical's UbuntuForums.org portal, then consider your login details compromised. You should have received an email from "The Canonical Sysadmins" this morning alerting you to the security breach that allowed a remote attacker to make off with your username, email address, and an encrypted copy of your password after breaking into the forum's database.
Contrary to its popularity, "password" is not a good password.
Forget about the usual New Year's resolutions to lose weight, eat healthier, exercise more, and all those other promises that fizzle out by February. A vow we can all keep is to practice better PC security habits, and it starts with picking out passwords that aren't incredibly easy to guess. Need some help? Just have a look at a list of the worst passwords of 2012, as compiled by SplashData.
Look, we're not trying to spark a religious debate here, and if Jesus is your co-pilot, that's wonderful. But turning to 'Jesus' to secure your logins is about as ineffective as protecting your accounts with 'Ninja', which also appears on SplashData's "Worst Passwords of 2012." The self-explanatory list contains five new entries, two of which we just mentioned. What about the rest? Let's have a look.
Ruh-roh, 'Raggy: late yesterday, Nvidia announced that it has battened down the hatches and shut down both its general and Developer forums after a series of hack attacks against the sites. So far, Nvidia's investigation confirms that "unauthorized third parties" gained access to the forum-goers' usernames, email addresses, passwords and public profile information.
Misery loves company, though that probably won't come as much consolation to social networking site LinkedIn, which is now joined by at least two other sites that suffered a serious security breach at the hands of the same band of hackers. Both Last.fm and eHarmony issued separate statements confirming that some user passwords may have been compromised in the recent hacker attack.
If you're a LinkedIn user, you may want to consider changing up your password today, as well as those of any other accounts that share the same login credentials. While nothing has yet been confirmed, LinkedIn said it's currently "looking into reports of stolen passwords," reports of which are flowing through Twitter and other areas of the Internet, as well as on a Russian forum where one member claims he uploaded 6,458,020 hashed passwords.
You're not a rookie on the Internet anymore so it's inexcusable to lock down your online accounts with weaksauce passwords. We're sure your girlfriend's fly, but using her name as a password is a poor security practice, and so is using any of the commonly recognized passwords out there, like 123456 and iloveyou, to name just two. If you're serious about security, you're using multiple passwords that are difficult to guess, which can also be difficult to remember. Symantec wants to help.
Anonymous seems to be moving up in the world. After attacking a global security research firm earlier this week, elements of Anonymous have now announced a hack from a few months ago that compromised SpecialForces.com, a seller of equipment to the military and law enforcement. As per the usual pattern, the stolen data is now available online.