Some big names found themselves in cybersecurity headlines this week. Let’s recap:
Infostealer activity has been surging over the past few years and researchers at Fortinet discovered that in 2024, over 1.7 billion usernames and passwords were stolen and being marketed on the dark web.
Though data leaks contribute to much of the stolen information on the dark web, these login credentials observed by Fortinet cybersecurity researchers were stolen by hackers spying on people’s devices without the user knowing.
(–Source: The Economic Times on MSN
Read More: Massive dark web leak exposes 1.7 billion passwords; here’s why your logins might already be compromised without you knowing )
In a data study of over 19 billion compromised passwords from 200 cybersecurity incidents, it was revealed that many of these passwords were easily guessable and vulnerable to brute force attacks.
A whopping 94% of the analyzed passwords were reused, meaning only 6% of them were unique, and many of these passwords contained some of the most easily guessable strings such as “123456,” “password,” and “admin.” This study emphasizes the importance of using secure, unique passwords and storing them in encrypted password managers.
(–Source: Newsweek
Read More: 19 Billion Passwords Leaked Amid Phone Security Warning )
Investigation into the cyberattack on British retailer Marks & Spencer that occurred 3 weeks ago and has left the retailer still struggling to restore all of their services back to normal, has revealed that customer data was stolen in the attack.
While it’s unclear how many customers have had their information compromised, M&S confirmed that the stolen information could include names, birthdates, contact information, home addresses, and online order history. The retailer is urging customers to reset their M&S account passwords and beware of any calls, emails, or texts claiming to be from M&S.
(–Source: BBC
Read More: M&S says personal customer data stolen in recent cyber attack )
A hacker by the online alias of Machine1337 is offering to sell over 89 million Steam user records for $5,000 on the dark web. As Steam is one of the most popular gaming platforms in the world, this sparked panic after web monitoring group Underdark.ai claimed the stolen information included 2FA SMS logs of one-time access codes, but it seems now that the threat is not a huge cause for concern.
Valve, Steam’s publisher, responded letting users know that the leak “consisted of older text messages that included one-time codes only valid for 15 minutes and the phone numbers they were sent to.” While this information cannot be used to breach accounts, Valve is reminding users to take account security seriously.
(–Source: Windows Central on MSN
Read More: Valve responds to alleged Steam “data breach” leak of 89 million account details — here’s the full story )
A hacker has stolen information relating to Coinbase customer accounts and is demanding the crypto giant pay a ransom in exchange for not publishing this information.
The hacker was able to obtain this information by bribing Coinbase contractors and employees with money for access to customer names, contact information, addresses, last 4 digits of SSNs, masked financial account information, balance and transaction history, and government issued ID documents. These staff members have since been fired.
(–Source: TechCrunch on MSN
Read More: Coinbase says customers’ personal information stolen in data breach )
