The man who runs the biggest social network, which continuously implements new security measures to boost the security of its billion users, himself failed to follow the basics of Internet security for his own online accounts.
Yes, I’m talking about Facebook CEO Mark Zuckerberg, who had his Twitter and Pinterest accounts compromised on Sunday.
The hacker group from Saudi Arabia, dubbed OurMine, claimed responsibility for the hack and guess how the group did it?
The hackers tweeted that they found Zuck’s account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string, cracked it, and tried it on several social media accounts.
The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck’s Twitter (@finkd) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offensive posts.
Mr. Zuckerberg has not sent a tweet from the account since 2012.
Now, what’s more surprising?
Zuckerberg’s LinkedIn password was “dadada”, which he also used for his other online accounts, the group tweeted.
So, this might be another alarm for those who haven’t yet changed passwords for their LinkedIn as well as other online accounts that used the same credentials.
In tweets now deleted, the group also claimed to have gained access to Zuck’s Instagram account, but Facebook confirmed that the group did not access his Instagram account.
“No Facebook systems or accounts were accessed,” a Facebook spokesperson said. “The affected accounts have been re-secured.”
More than 167 Million members’ email and password combinations were stolen during a 2012 LinkedIn data breach and have just been posted online. The passwords were hashed with the SHA1 algorithm with “no salt”, which made it easier for hackers to crack them.
I suggest you change your password immediately, especially if you use the same password for other websites.
Do you have the remote login software TeamViewer installed on your desktop or laptop?
If yes, attackers may be able to access your system and steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter
According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED!
Over the past few days, a number of users took to Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal.
This same behavior has also been reported by the IBM security researcher Nick Bradley, who said:
“In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns on me: I have other machines running TeamViewer!”
But the question still remains: what really happened to TeamViewer?
So far, no evidence indicates a system-wide security breach at TeamViewer that could have given the attackers some sort of backdoor into users’ PCs.
TeamViewer has also reacted by strongly denying the claims that the intrusions are the result of a hack on TeamViewer’s network.
Instead, according to the company, the account takeovers are the result of end users’ carelessness. Moreover, the company referred to the recent widespread “mega breaches” that have dumped over 427 Million passwords over the past few weeks.
“Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services.”
However, TeamViewer stands by its statement that a Denial of Service (DoS) attack knocked some of its servers offline on Wednesday, but the company managed to bring them back online after a few hours.
The company advised its users to avoid careless use of its service and always:
- Use a different password for each account.
- Use two-factor authentication.
- Use a password manager.
- Don’t tell other people your passwords.
Moreover, TeamViewer also announced two new features on Friday aimed at boosting its users’ security after numerous users flocked online to complain about getting hacked through its service.
The two new features are:
- Trusted Devices
- Data Integrity
The Trusted Devices feature is specifically designed to prevent hackers from taking over your TeamViewer account. The feature allows you to approve the new device as trusted before it can access an existing TeamViewer account for the first time. The device approval process is conducted by clicking a validation link sent to the account owner’s email address.
The second feature, dubbed Data Integrity, works by automatically monitoring a user’s account activity. If it detects any unusual behavior that might suggest the account has been hacked, the service forces the user to reset their password.
Here’s what you should do:
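The Trusted Devices flow described above can be sketched as follows. This is an added example, not TeamViewer's code: the class, method names, the 15-minute link lifetime and the assumption that the password has already been checked before `login()` is called are all hypothetical.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60   # assumed lifetime of the e-mailed validation link, in seconds

class TrustedDevices:
    """Hypothetical device-approval store; the password check happens before login()."""

    def __init__(self):
        self.trusted = {}   # account -> set of approved device ids
        self.pending = {}   # sha256(token) -> (account, device_id, expires_at)

    def login(self, account, device_id, now=None):
        """Return ("ok", None) for a trusted device, else ("approval_required", token)."""
        now = time.time() if now is None else now
        if device_id in self.trusted.get(account, set()):
            return "ok", None
        token = secrets.token_urlsafe(32)   # placed only in the link mailed to the owner
        key = hashlib.sha256(token.encode()).hexdigest()   # server keeps just the hash
        self.pending[key] = (account, device_id, now + TOKEN_TTL)
        return "approval_required", token

    def approve(self, token, now=None):
        """Redeem a validation link: single use, expiring, bound to one device."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(key, None)   # pop() makes the link single-use
        if entry is None:
            return False                      # unknown, forged or already used
        account, device_id, expires_at = entry
        if now > expires_at:
            return False                      # link expired before it was clicked
        self.trusted.setdefault(account, set()).add(device_id)
        return True

if __name__ == "__main__":
    svc = TrustedDevices()
    status, link_token = svc.login("owner@example.com", "new-laptop")
    print(status)                                       # blocked until approved
    print(svc.approve(link_token))                      # owner clicks the link
    print(svc.login("owner@example.com", "new-laptop")) # now trusted
```

A stolen password alone no longer opens the account from an unknown device, because the approval token travels only through the owner's mailbox.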
- TeamViewer users are strongly recommended to change their account passwords and use a strong one, and of course, NOT to use the same credentials across multiple sites.
- I know, remembering different passwords for different accounts is a real pain, but you can use a good password manager to solve this issue.
- Meanwhile, users should also ensure their TeamViewer accounts are protected with a randomly generated password that is at least 10 characters long, contains numbers, symbols, and uppercase and lowercase letters, and is unique.
- It is always a good idea to run the TeamViewer software only when it’s truly needed, instead of allowing it to auto-start each time your PC is turned on.
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles (over US$25 Million) from banks and other financial institutions in the country since 2011.
The same criminal gang had tried to steal a further 2.273 Billion Rubles by issuing false payment instructions, but those were blocked.
The group allegedly used a Trojan called “Lurk” to set up a network of bots on infected computers to carry out the attacks, according to Russia’s FSB (Federal Security Service).
Initially identified in 2012, Lurk is a “fileless” Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation.
The hackers then stole login names and passwords for victims’ online bank accounts, especially accounts held at Sberbank, Russia’s largest bank in terms of assets held.
The criminal gang allegedly seeded some of Russia’s most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims’ computers.
Sberbank helped the Russian authorities to conduct a large-scale operation in 15 regions of Russia and detain around 50 people; 18 of those are currently behind bars in Moscow.
All of the 50 suspects were charged with the development, distribution and use of malicious computer programs.
Hello friends, welcome back after a long time. Today I am posting some sad news for Myspace users. And welcome again to the cyber crime world.
You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was a once-popular social media website.
On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum.
The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts.
The data breach at Myspace is believed to be the largest leak of passwords ever, and even if you have not visited Myspace in years, your personal information is up for sale online.
Like LinkedIn, the stolen Myspace passwords were also stored in SHA1 with no “salting.” Salting is a process that makes passwords much harder to crack.
We recommend that users who tend to reuse the same passwords between sites set new passwords on those websites immediately.
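Why SHA1 with no salt, as in both the LinkedIn and the Myspace passages above, is weak storage, next to a salted and slow alternative. This is an added example, not code from either service: the user names are constructed, and PBKDF2-HMAC-SHA256 with 200,000 rounds is an illustrative choice, not something the page specifies.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any dump); two users share one password.
USERS = {"alice": "dadada", "bob": "dadada", "carol": "Tr0ub4dor&3"}

def sha1_unsalted(password):
    """Weak storage as described above: a bare SHA1 of the password."""
    return hashlib.sha1(password.encode()).hexdigest()

def pbkdf2_salted(password, rounds=200_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def accounts_sharing_a_value(table):
    """Accounts whose stored value equals another account's stored value."""
    values = list(table.values())
    return sorted(u for u, v in table.items() if values.count(v) > 1)

def precomputed_hits(table, wordlist):
    """A SHA1 table built once from a wordlist is matched against every row."""
    lookup = {sha1_unsalted(w) for w in wordlist}
    return sorted(u for u, v in table.items() if v in lookup)

weak_db = {u: sha1_unsalted(p) for u, p in USERS.items()}
strong_db = {u: pbkdf2_salted(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted, identical rows:", accounts_sharing_a_value(weak_db))
    print("unsalted, wordlist hits: ", precomputed_hits(weak_db, ["123456", "dadada"]))
    print("salted, identical rows:  ", accounts_sharing_a_value(strong_db))
    print("salted, login still works:", verify("dadada", strong_db["alice"]))
```

With a per-user salt, the work of testing a guess has to be repeated for every account, and the slow KDF makes each repetition expensive.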