Over 300 Million AdultFriendFinder Accounts Have Reportedly Been Exposed in a Massive Data Breach

Over 300 Million AdultFriendFinder accounts have reportedly been exposed in a massive data breach that hit adult dating and entertainment company Friend Finder Network.

Friend Finder Network, which has a number of assets, is the world’s largest sex and swinger community. The hack reportedly exposed information from more than 412 Million accounts across its corporate holdings, which include AdultFriendFinder, Cams, Penthouse, and Stripshow.

Breach notification site LeakedSource broke the story, reporting that nearly 339 Million accounts from sex hookup site AdultFriendFinder, over 60 Million accounts from Cams.com, 7 Million from Penthouse and a handful of accounts from Stripshow and iCams were compromised, for a total of 412,214,295 affected users.

Poor Or No Encryption for Passwords

According to the breach notification service, the database of over 412 Million users, containing email addresses, easily crackable (or in some cases, unprotected) passwords, usernames, IP addresses and browser information, has been made available on online criminal marketplaces.

LeakedSource further reveals that Friend Finder Network did not properly encrypt its users’ data. The company stored user passwords in plain text, or hashed them with the very poor Secure Hash Algorithm 1 (SHA1) hash function, which is not regarded as secure.

Talking about passwords, here are some common passwords that Friend Finder Network users used to log in to the websites: 123456, 123456789, password, qwerty, pussy, fuckme, fuckyou and iloveyou.

Here’s How the Adult Network possibly got Hacked:

According to CSO Online, a security researcher using the online moniker Revolver discovered Local File Inclusion vulnerabilities on the AdultFriendFinder website last month. The researcher believed that the same flaw was exploited to hack the adult network.

Friend Finder Network said the company was aware of the security incident and was looking into the matter to determine whether or not the claims were valid.

“We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports,” Diana Lynn Ballou, Friend Finder Network’s Vice President and Senior Counsel of Corporate Compliance & Litigation told CSO Online. “If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected.”

Hacker Helped ISIS to Build ‘Hit List’ Of US Military Personnel Jailed for 20 Years

A hacker who allegedly helped the terrorist organization ISIS by handing over data for 1,351 US government and military personnel has been sentenced to 20 years in a U.S. prison.

Ardit Ferizi, aka Th3Dir3ctorY, from Kosovo was sentenced in federal court in Alexandria, for “providing material support to the Islamic State of Iraq and the Levant (ISIL) and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL,” the Department of Justice announced on Friday.

The 21-year-old ISIS-linked hacker obtained the data by hacking into a US web hosting company’s servers on June 13, 2015.

Ferizi then filtered out the information of over 1,300 US military and government employees from the stolen data and handed it over to Junaid Hussain. The stolen data contains personally identifiable information (PII), which includes names, email addresses, passwords, locations and phone numbers of US military service members and government workers.

Junaid Hussain, a British jihadi believed to be the then leader and creator of a group of ISIS hackers called the Islamic State Hacking Division (ISHD), posted the names and personal data of 100 US service members’ families online.

Hussain’s statement included:

“We are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the Khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”

Hussain, who was also known as Abu Hussain Al-Britani and used the moniker TriCk, was later killed in a US drone strike in Syria in August last year.
The US authorities also tracked down Ferizi to Malaysia, where he was arrested by the local authorities on October 6, 2015, while trying to catch a flight back to Kosovo.

Before helping ISIS, Ferizi had served as an alleged leader of the Kosova Hacker’s Security (KHS) hacking group and hacked into a number of government sites belonging to the Presidency of Macedonia, the Greek Ministry of Education, the Greek Decentralized Administration of Macedonia and Thrace (DAMT), Lifelong Learning and Religion. He also stole data from IBM and Greek mobile telecoms firm OTE.

Ferizi pleaded guilty on June 15, 2016. He faced a sentence of up to 35 years in prison, but the sentence was reduced to a maximum of 25 years after he agreed to plead guilty. However, defense lawyers said he meant no real harm and asked for a six-year sentence.

Dick Costolo Ex-CEO of Twitter Got Hacked!

The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts has hacked the Twitter account of another high-profile person.

It’s the ex-CEO of Twitter, Dick Costolo.

The hacker group from Saudi Arabia, dubbed OurMine, compromised the Twitter account of the former Twitter CEO on Sunday and managed to post three tweets on Costolo’s Twitter timeline, first spotted by a Recode reporter.

However, the tweets seemed to be just simple-worded tweets with no disturbing content. It looked like the hacking group was testing its access to the account.

All three tweets in question have since been deleted, and Costolo soon regained access to his account.

Moreover, Twitter also suspended the Twitter account belonging to OurMine once again, after the company already suspended its original account following the Zuckerberg hacks.

After regaining access to his account, Costolo said that the group of hackers managed to post tweets on his timeline without directly compromising his Twitter profile.

Instead, the hackers got access to “an old account from another [third-party] service that cross-posted to Twitter,” the Twitter ex-CEO said.

The links included in the tweets indicate that the hackers managed to access Costolo’s Pinterest account and then cross-posted to his Twitter timeline, though the group did not reveal how it accessed Costolo’s Pinterest account.

Founder of The Pirate Bay Ordered to Pay $395,000 Fine in Lawsuit he didn’t even know about…

The Pirate Bay has been ordered to pay a fine worth nearly US$400,000 to several major record labels after their content was shared illegally via the platform.

The penalty has been imposed on The Pirate Bay co-founder Peter Sunde by a court in Helsinki, Finland.

Interestingly, Sunde, who already left the notorious file sharing site in 2009, said on Twitter that he lost a court case he did not even know about.

The artists mentioned in the brief included “Juha Tapio, Teräsniska, Chisu, Deniece Williams, Suvi Vesa-Matti Loiri, Michael Monroe, Anna Abreau, Antti Tuisku, and Children of Bodom,” according to the local outlet Digitoday.

However, the recording division did not accuse Sunde of direct infringement; rather it accused Sunde of his involvement in the Pirate Bay that indirectly made him responsible for infringements.

The Helsinki District Court ordered the 37-year-old to pay $395,000 (350,000 Euros) to the record labels.

“The record companies know that I have not had any part of TPB for ages, still suing,” Sunde wrote. “Bullying is the new black.”

Sunde did not appear in the court to defend himself, so the Finnish Court handed down a default judgment.

Sunde is now ordered to pay the full amount and costs of nearly $62,000 (55,000 Euros) to the local branch of the International Federation of the Phonographic Industry (IFPI).

Besides, the judge also threatened a fine of 1 Million Euros if the pirated content continues to be shared through The Pirate Bay website, though it is still not clear how Sunde is supposed to do anything about the sharing of content on the site since he has no association with the service.

As TorrentFreak notes, Sunde and other co-founders of the Pirate Bay, including Fredrik Neij and Gottfrid Svartholm, also owe large sums of money to other copyright holders as a result of various court judgments over the years.

NSA LOOKING TO EXPLOIT INTERNET OF THINGS AND BIOMEDICAL DEVICES

Hacking will continue to grow as the Internet of Things (IoT) becomes more commonplace, making valuable data accessible through an ever-widening selection of entry points.

But it’s not hackers alone: the NSA is also after the Internet of Things.

We know the United States National Security Agency’s (NSA) power to spy on Americans as well as foreign people, thanks to the revelations made by whistleblower Edward Snowden in 2013.

But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers.

During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are “looking at it sort of theoretically from a research point of view right now.”

Ledgett totally agreed on the fact that there are easier ways to track terrorists and foreign intelligence spies than to hack any biomedical devices they might have, but believed that these devices could be a source of information for the agency, reports the Intercept.

When the deputy director was asked whether the entire scope of the IoT, i.e. billions of interconnected devices from Wi-Fi toys to medical devices, would be a bonanza for the agency or just a security nightmare, Ledgett replied, “Both.”

“As my job is to penetrate other people’s networks, complexity is my friend,” Ledgett said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”

Ledgett also explained why the NSA was not able to help the FBI hack into the iPhone that belonged to the San Bernardino shooter, which was accessed by the FBI after buying an exploit from a group of hackers for a large sum of cash.

During a Senate hearing in February, the Director of National Intelligence James Clapper also said that internet-connected devices could be useful for “identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Security Alert-Hackers Steal BitTorrent Forum Users’ Emails, Passwords, IP Addresses

If you are registered on the BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords.

The BitTorrent team has announced that its community forums have been hacked, which exposed private information of hundreds of thousands of its users.

As of now, BitTorrent is the most visited torrent client around the world with more than 150 Million monthly active users.

A recent security alert by the team says the forum database has been compromised by hackers who were able to get their hands on its users’ passwords, and warns users to update their passwords as soon as possible.

Besides this, BitTorrent also has a dedicated community forum that has hundreds of thousands of registered members with tens of thousands of daily visitors.

The vulnerability is believed to have originated at one of its vendors, who alerted the BitTorrent team about the issue earlier this week.

“The vulnerability appears to have been through one of the vendor’s other clients. However, it allowed attackers to access some information on other accounts,” the μTorrent forum writes. “As a result, attackers were able to download a list of our forum users.”

BitTorrent and other torrent forums are also using Invision Power Board software and if the unnamed vendor in question is Invision Power Services Inc., then hundreds of popular discussion forums might have also been affected.

The team is also investigating further to learn if any other information of its users was accessed.

Security researcher Troy Hunt somehow got access to the stolen database, which has already been uploaded to his data breach notification site, Have I Been Pwned. It includes 34,000 BitTorrent Forum users’ email addresses, usernames, IP addresses, and salted SHA1 hashed passwords.

All users are strongly advised to change their forum passwords, as well as their passwords for other sites in case they are using one identical to the one used on the forum.

Mark Zuckerberg’s Twitter, Pinterest Accounts HACKED !!! Password was…

The man who runs the biggest social network, and who continuously implements new security measures to boost the security of its billion users, himself failed to follow the basics of Internet security for his own online accounts.

Yes, I’m talking about Facebook CEO Mark Zuckerberg, who had his Twitter and Pinterest accounts compromised on Sunday.

The hacker group from Saudi Arabia, dubbed OurMine, claimed responsibility for the hack and guess how the group did it?

The hackers tweeted that they found Zuck’s account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts.

The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck’s Twitter (@finkd) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offensive posts.

Mr. Zuckerberg has not sent a tweet from the account since 2012.

Now, what’s more surprising?

Zuckerberg’s LinkedIn password was “dadada”, which he also used for his other online accounts, the group tweeted.

So, this might be another alarm for those who haven’t yet changed passwords for their LinkedIn as well as other online accounts that used the same credentials.

In tweets now deleted, the group also claimed to have gained access to Zuck’s Instagram account, but Facebook confirmed that the group did not access his Instagram account.

“No Facebook systems or accounts were accessed,” a Facebook spokesperson said. “The affected accounts have been re-secured.”

More than 167 Million members’ email and password combinations were hacked during a 2012 LinkedIn data breach and had just been posted online. The passwords were hashed with the SHA1 algorithm with “no salt”, which made it easier for hackers to crack them.

I suggest you change your password immediately, especially if you use the same password for other websites.

Is your TEAM VIEWER HACKED? TIPS TO DO IMMEDIATELY

Do you have the remote login software TeamViewer installed on your desktop or laptop?

If yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggest.

According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED!

Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal.

This same behavior has also been reported by the IBM security researcher Nick Bradley, who said:

“In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns on me: I have other machines running TeamViewer!”

But the question still remains: what really happened to TeamViewer?

So far, no evidence indicates a system-wide security breach at TeamViewer that could have given the attackers some sort of backdoor into users’ PCs.

TeamViewer has also reacted by strongly denying the claims that the intrusions are the result of a hack on TeamViewer’s network.

Instead, the company says the account takeovers are the result of end users’ carelessness. Moreover, the company referred to the recent widespread “mega breaches” that have dumped over 427 Million passwords over the past few weeks.

“Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.”

However, TeamViewer stands strong by its statement that a Denial of Service (DoS) attack knocked some of its servers offline on Wednesday, but the company managed to bring them back online after a few hours.

The company advised its users to avoid careless use of its service and always:

  • Use a different password for each account.
  • Use two-factor authentication.
  • Use a password manager.
  • Don’t tell other people your passwords.

Moreover, TeamViewer also announced two new features on Friday aimed at boosting its users’ security after numerous users flocked online to complain about getting hacked through its service.

The two new features are:

  1. Trusted Devices
  2. Data Integrity

The Trusted Devices feature is specifically designed to prevent hackers from taking over your TeamViewer account. The feature requires you to approve a new device as trusted before it can access an existing TeamViewer account for the first time. The device approval process is conducted by clicking a validation link sent to the account owner’s email address.

The second feature, dubbed Data Integrity, works by automatically monitoring a user’s account activity. If it detects any unusual behavior that might suggest the account has been hacked, the service forces the user to reset their password.

Here’s What you should do:

  1. TeamViewer users are strongly recommended to change their account passwords and use a strong one, and of course, NOT to use the same credentials across multiple sites.
  2. I know, remembering different passwords for different accounts is a real pain, but you can use a good password manager to solve this issue.
  3. Meanwhile, users should also ensure their TeamViewer accounts are protected with a randomly generated password that is at least 10 characters long, contains numbers, symbols, and uppercase and lowercase letters, and is unique.
  4. It is always a good idea to run the TeamViewer software only when it’s truly needed, instead of allowing it to auto-start each time your PC is turned on.

50 hackers who stole $25 million from Banks

A gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles (over US$25 Million) from banks and other financial institutions in the country since 2011 has been arrested by Russian authorities.

The same criminal gang had tried to steal a further 2.273 Billion Rubles by issuing false payment instructions, but those were blocked.

The group allegedly used a Trojan called “Lurk” to set up a network of bots on infected computers to carry out the attacks, according to Russia’s FSB (Federal Security Service).

Initially identified in 2012, Lurk is a “fileless” Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation.

The hackers then stole login names and passwords for victims’ online bank accounts, especially accounts held at Sberbank, Russia’s largest bank in terms of assets held.

The criminal gang allegedly seeded some of Russia’s most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims’ computers.

Sberbank helped the Russian authorities to conduct a large-scale operation in 15 regions of Russia and detain around 50 people; 18 of those are currently behind bars in Moscow.

All of the 50 suspects were charged with the development, distribution and use of malicious computer programs.

427 Million Myspace Passwords leaked in major Security Breach

Hello friends, welcome back after a long time. Today I am posting sad news for Myspace users. And welcome again to the cyber crime world.

You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was a once-popular social media website.

On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum.

The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts.

The data breach at Myspace is believed to be the largest leak of passwords ever, and even if you have not visited Myspace in years, your personal information is up for sale online.

Like LinkedIn, the stolen Myspace passwords were also stored in SHA1 with no “salting.” Salting is a process that makes passwords much harder to crack.

And we recommend that users who tend to reuse the same passwords between sites set new passwords on those websites immediately.
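
The unsalted SHA1 storage described above for Friend Finder Network, LinkedIn and Myspace can be compared with salted storage in a short added example (not code from any of the companies mentioned). The sample accounts are constructed, and the PBKDF2 iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); the passwords are ones the
# page itself quotes as common or leaked.
SAMPLE_USERS = [("alice", "123456"), ("bob", "123456"), ("carol", "dadada")]

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your own hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_sha1(password):
    """Unsalted SHA1 hex digest: the weak scheme described in the breaches."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest) using a random per-user salt and a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def accounts_sharing_a_hash(stored_hashes):
    """Count accounts whose stored hash is identical to another account's."""
    counts = Counter(stored_hashes)
    return sum(n for n in counts.values() if n > 1)


def compare_schemes(users):
    """Store the same users both ways and count shared hashes per scheme."""
    legacy = [legacy_sha1(pw) for _, pw in users]
    salted = [hash_password(pw)[1] for _, pw in users]
    return {
        "unsalted_sha1": accounts_sharing_a_hash(legacy),
        "salted_pbkdf2": accounts_sharing_a_hash(salted),
    }


if __name__ == "__main__":
    # Without a salt, equal passwords give equal hashes across accounts.
    print(compare_schemes(SAMPLE_USERS))
    salt, digest = hash_password("dadada")
    print(verify_password("dadada", salt, digest))
    print(verify_password("qwerty", salt, digest))
```

With unsalted SHA1, every account that shares a password shares a stored hash, so one recovered password exposes all of them; with a per-user salt each stored value is distinct even for identical passwords.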