Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Passwords. Show all posts
ZeroTrust
2FA AIsecurity credentialstuffing CyberCrime Darkweb Data Breach GenZ Infostealer passwordmanager Passwords phishing Ransomware ZeroTrust

Infostealer Malware Soars 500% as 1.7 Billion Passwords Leak on Dark Web

 

A new report has exposed a staggering 500% rise in infostealer malware attacks, with over 1.7 billion passwords leaked on the dark web in 2024 alone. Despite the growing threat, poor password hygiene continues to be a critical issue, especially among Gen Z users. Cybersecurity experts are now calling for a complete rethink of digital safety practices, urging organizations and individuals to adopt zero-trust frameworks, AI-driven defenses, and reform in user behavior.

Infostealer malware is gaining traction as a preferred tool among cybercriminals. These lightweight, silent programs are often embedded in pirated software or spread via phishing attacks. Once inside a system, they exfiltrate sensitive data including stored credentials, autofill data, cookies, and even crypto wallet details without raising alarms. This stolen information is then compiled into massive combo lists—datasets of usernames and passwords—that are sold or traded on dark web forums. These lists power credential-stuffing attacks that enable hackers to take control of accounts on a mass scale.

Underground marketplaces have reportedly listed over 100 billion compromised credentials, marking a 42% increase from the previous year. Cybercrime syndicates such as BestCombo, BloddyMery, and ValidMail have become notorious for brokering access to stolen identities, fueling everything from account takeovers to financial fraud, ransomware deployment, and corporate espionage.

Yet, despite repeated warnings, user behavior remains worryingly casual. The 2025 World Password Day Survey revealed that 72% of Gen Z users admit to reusing passwords across multiple services. Even more strikingly, 79% acknowledge the risks of reuse, while 59% continue to use the same credentials even after a breach. Shockingly, only 10% reported updating their passwords consistently after being informed of a compromise. Additionally, 38% of Gen Z respondents said they only alter one character when prompted to update a password, and 30% frequently forget their credentials—despite the availability of password recovery features and password managers.

Although 46% of Gen Z users claim to use password managers, their actual habits—like sharing credentials via body text, screenshots, or in conversation—undermine any security those tools provide. This gap between intention and action continues to weaken overall cyber defense.

On the enterprise front, the situation is no better. According to a cybersecurity expert, 27% of businesses still do not enforce basic password policies. Even among organizations that do, users often respond to frequent password change requirements with insecure workarounds, such as reusing slightly modified passwords.

A data privacy solicitor commented, “If your system allows users to bypass complexity rules or reuse old passwords, your policy is meaningless,” she warned.

Experts also note that even strong password practices can't address all threats. Vulnerabilities like device-level breaches, session hijacking, and social engineering tactics necessitate broader security strategies. Resta advises that organizations should go beyond password policies and invest in multi-layered defenses:
“Organizations must maintain robust incident response plans alongside 2FA, AI-driven anomaly detection, and Zero Trust Architecture (ZTA).”
Read more »
Passwords
Cyber Security FIDO Alliance Passkey Passwords

Many Internet Users Suffer Account Breaches Due to Weak Passwords, Study Finds

 



A recent study has shown that more than one in three people have had at least one of their online accounts broken into during the past year. The main reason? Poor or stolen passwords.

The report comes from the FIDO Alliance, a group that focuses on improving online safety. Their findings reveal that passwords are still a major weak spot in keeping digital accounts secure.


People Struggle with Passwords

The research found that 36% of people had their accounts hacked because their passwords were either easy to crack or already leaked online. Many users still rely on passwords that are short, simple, or reused across different accounts. These habits make it easier for cybercriminals to gain access.

Forgetting passwords is another common issue. Nearly half of the participants said they gave up making a purchase online because they couldn’t remember their password.


What Are Passkeys and Why Are They Safer?

To fix the problem with passwords, many websites and apps are now supporting a new method called passkeys. These don’t require typing anything in. Instead, you can log in using your fingerprint, face scan, or a PIN stored on your device.

This system is safer because the login details never leave your phone or computer, and they don’t work on fake websites. This means scammers can’t trick people into handing over their login details like they do with traditional passwords.

According to the study, most people are now aware of this new method. Around 69% have already used passkeys on at least one of their accounts, and over a third said they’ve switched entirely to using them wherever possible.


Big Tech Companies Back Passkeys

On May 2, Microsoft said it is now letting all of its users log in with passkeys instead of passwords. The company admitted that passwords simply aren’t strong enough to protect people’s accounts, even if they’re long or frequently updated.

Microsoft users can now sign in using face ID, fingerprint, or PIN on devices from Windows, Apple, or Google.


Moving Away from Passwords Altogether

To raise awareness, FIDO has renamed its annual event “World Passkey Day.” The goal is to encourage companies and users to stop relying on passwords and start using safer login tools.

As part of the event, FIDO launched a pledge for businesses that want to commit to using passkeys. More than 100 organizations have already joined in.

FIDO’s leader, Andrew Shikiar, said the shift to better login methods is necessary. He explained that years of account hacks and data leaks have shown that traditional passwords no longer offer the protection we need in a digital world.

The study surveyed 1,389 adults from the US, UK, Japan, South Korea, and China.

Read more »
Passwords
Cloud Service Data Breach Oracle Passwords

Oracle Faces Data Leak Claims, Clarifies Cloud Services Remain Safe

 



Oracle has informed its users that a recent cyberattack only affected two outdated servers that are no longer in use. These systems were separate from Oracle’s main cloud services, and the company says that no active customer data or cloud-based accounts were harmed.

In the notice sent to its customers, Oracle clearly stated that its main cloud service, known as Oracle Cloud Infrastructure (OCI), was not targeted or accessed by attackers. They reassured users that no data was viewed, taken, or misused, and there was no interruption in cloud operations.

According to Oracle, the stolen information included usernames from older systems. However, passwords stored on those servers were either scrambled or secured in such a way that they could not be used to break into any accounts. As a result, the hackers were not able to reach any customer platforms or data.

The incident first came to public attention when a hacker began selling what they claimed were millions of user records on an online cybercrime marketplace. Oracle has been under pressure since then to confirm whether or not its systems were breached. While the company continues to deny that their modern cloud platform was affected, cybersecurity experts say that the older systems— though no longer active - were once part of Oracle’s cloud services under a different name.

Some security specialists have criticized Oracle’s choice of words, saying the company is technically correct but still avoiding full responsibility by referring to the older system as separate from its current services.

Reports suggest that the hackers may have broken into these old systems as early as January 2025. The intruders allegedly installed harmful software, allowing them to collect data such as email addresses, usernames, and coded passwords. Oracle described the stolen data as outdated, but some of the records being shared online are from late 2024 and early 2025.

This comes shortly after another reported incident involving Oracle’s healthcare division, formerly called Cerner. That breach affected hospitals in the U.S., and a hacker is now reportedly demanding large payments to prevent the release of private medical information.

Even though Oracle insists its main cloud platform is secure, these incidents raise questions about how clearly companies communicate data breaches. Users who are concerned have been advised to reach out to Oracle’s support team for more information.


Read more »
Youtube
Cyber Security Neptune RAT Passwords virus Windows Youtube

New Virus Spreading Through YouTube Puts Windows Users at Risk

 




A new type of digital threat is quietly spreading online, and it’s mainly affecting people who use Windows computers. This threat, called Neptune RAT, is a kind of harmful software that allows hackers to take over someone’s system from a distance. Once installed, it can collect personal data, spy on the user’s activity, and even lock files for ransom.

What’s especially worrying is how the virus is spreading. It’s being shared through common platforms like YouTube, GitHub, and Telegram. Hackers are offering this tool as part of a paid service, which makes it easier for many cybercriminals to get access to it.


What Makes Neptune RAT So Dangerous?

Neptune RAT is not an ordinary computer virus. It can do many harmful things at once, making it a serious risk to anyone who accidentally installs it.

One of its tricks is swapping digital wallet addresses during cryptocurrency transfers. This means someone could send money thinking it’s going to the right person, but it actually ends up in a hacker’s account.

Another feature allows it to collect usernames and passwords stored on the victim’s device. It targets popular programs and web browsers, which could let hackers break into email accounts, social media, or online banking services.

Even more troubling, Neptune RAT includes a feature that can lock files on the user’s system. The attacker can then demand money to unlock them— this is what’s known as ransomware.

To make things worse, the virus can turn off built-in security tools like Windows Defender. That makes it much harder to spot or remove. Some versions of the virus even allow hackers to view the victim’s screen while they’re using it, which could lead to serious privacy issues.

If the hacker decides they no longer need the device, the virus can erase all the data, leaving the victim with nothing.


How to Stay Protected

To avoid being affected by this virus, it’s important to be careful when clicking on links or downloading files— especially from YouTube, GitHub, or Telegram. Never download anything unless you fully trust the source.

Although antivirus software is helpful, this particular virus can get past many of them. That’s why extra steps are needed, such as:

1. Using different passwords for each account  

2. Saving important files in a secure backup  

3. Avoiding links or downloads from strangers  

4. Enabling extra security features like two-factor authentication

Staying alert and employing good online habits is the best way to avoid falling victim to harmful software like Neptune RAT.


Read more »
Passwords
Cyber Security Login Credentials Oracle Passwords

Hacker Claims Oracle Cloud Breach, Threatens to Leak Data

 



A hacker who goes by the name “Rose87168” is claiming to have broken into Oracle Cloud systems and is now threatening to release or sell the data unless their demands are met. According to security researchers, this person says they’ve gained access to information from over 140,000 accounts, with a total of 6 million records.

Oracle has not confirmed that any such breach took place. At first, the company denied the claims. Since then, they’ve chosen not to respond to questions about the situation. However, cybersecurity experts are beginning to find signs that support the hacker’s story.

One group of researchers believes that the attack may have happened through a flaw in how users log in. They suggest that the hacker may have found a hidden security weakness or a problem in Oracle's login system, which let them get in without needing a password. This could be tied to a previously reported vulnerability in Oracle’s software, which has been labeled a high risk by experts. That earlier issue allowed anyone with internet access to take over accounts if not fixed.

The hacker claims the stolen material includes sensitive information like login credentials, passwords for internal systems, and private security keys. These are all crucial for keeping accounts and data secure. If leaked, this information could lead to unauthorized access to many companies’ services and customer details.

Researchers have examined some of the data provided by the hacker and say it appears to be genuine. Another security group, Trustwave SpiderLabs, also looked into the case. They confirmed that the hacker is now offering the stolen data for sale and allowing buyers to choose what they want to purchase based on specific details, like company names or encrypted passwords.

Experts from both teams say the evidence strongly suggests that the breach is real. However, without a statement from Oracle, nothing is officially confirmed.

This situation is a reminder of how critical it is for companies to keep their systems up to date and to act quickly when possible flaws are discovered. Businesses that use cloud services should check their security settings, limit unnecessary access, and apply all software updates as soon as they are available.

Staying alert and following good cybersecurity habits can reduce the chances of being affected by incidents like this.


Read more »
Privacy
CyberCrime Cyberhackers Cybersecurity CyberThreat Default Passwords Multi-Factor Authentication (MFA) Passwords Privacy

Password Reuse Threatens Security of 50 Percent of Online Users

 


The Overlooked Danger of Password Reuse

While digital access is becoming increasingly prevalent in our everyday lives, from managing finances to enjoying online entertainment, there remains a critical security lapse: password reuse. Even though it is convenient, this practice remains one of the most common yet preventable cybersecurity risks. Almost everyone uses the same login credentials across multiple platforms repeatedly, which exposes them to an unavoidable domino effect of cyber threats, unknowingly. 

It has been proven that when a single set of credentials is compromised, an attacker can use that credential to infiltrate several accounts, resulting in unauthorized access, identity theft, and financial fraud. While cybersecurity awareness has grown, password reuse continues to pose a threat to personal and professional data security even though cyber threats are becoming increasingly prevalent. 

 This vulnerability can be mitigated by adopting stronger security practices, such as password managers and multi-factor authentication, which can help counteract this issue. Establishing strong, unique credentials for each service is a fundamental part of minimizing exposure to cyber threats and protecting sensitive information. 

The Persistent Threat of Password Reuse

It is widely acknowledged that passwords are one of the fundamental weaknesses of cybersecurity, serving as a primary vector for breaches. Organizations fail to implement effective measures for detecting and preventing compromised credentials, resulting in the risk of the breach being further exacerbated by users repeatedly using the same password over multiple accounts, further escalating the threat. 

It is apparent that even though the public is becoming more aware of the dangers of password reuse, it remains a widespread issue, which leaves individuals and businesses vulnerable to cyberattacks. 

Recent studies reveal just how alarming this problem is. According to a Google survey conducted in the past year, 65% of users recycle their passwords across different platforms. 

However, another survey found that although 91% of individuals are aware of the risks associated with this practice, 59% still practice it. It has been reported that 44 million accounts are at risk of compromise because of compromised credentials, and according to research, the average user reuses passwords up to 14 times on average. 

72% of people admit that they reuse passwords for their accounts, while nearly half of them change existing passwords slightly rather than creating new, stronger ones during required updates, which renders periodic password resets ineffective because they result in weak passwords. 

It is important to note that this issue is not limited to personal accounts, as 73% of users have duplicate passwords across their professional and personal profiles. Studies also indicate that 76% of millennials reuse their passwords, demonstrating the persistence of this risky behaviour. 

The Verizon Data Breach Investigations Report further highlights the severity of the issue by averaging 81% of hacking-related breaches being connected to compromised credentials, demonstrating its severity.

There is no doubt that the danger of reusing passwords is well-known to many users. However, managing unique credentials for multiple accounts can lead to common security lapses. Cybercriminals exploit this widespread negligence to gain unauthorized access by exploiting weak authentication practices.

The assumption that users will change their habits is unrealistic, and businesses cannot afford to ignore the risks posed by inadequate password management, and they cannot ignore the risks that arise from this approach. For organizations to effectively combat these threats, automated security solutions must be implemented, which continuously monitor, detect and prevent the use of exposed credentials, ensuring a stronger defence against cyberattacks. 

The Risks of Password Sharing in the Digital Age 

A common occurrence these days is sharing login credentials with family, friends, and coworkers in an era when digital services dominate users' daily lives. The rise of streaming platforms, the sharing of social media accounts, and many other online services have made it possible for this trend to persist. 

According to research, 59% of all individuals share their login information or passwords with at least one type of account, which puts them at risk for security issues. In terms of the most frequently shared credentials, video streaming services lead the list, with 41% of users admitting that they have shared login information with others. The average individual shares access to personal devices, including smartphones, tablets, and computers, with approximately 23% of them doing so. 

In addition to email and music streaming accounts, more than 15% of users have shared their credentials with others, and over 15% have been known to do so. Although password sharing seems convenient, it increases the chance of unauthorized access, credential leaks, and information compromise, so it is imperative to keep passwords safe and secure at all times. Managing multiple passwords across multiple online accounts can be challenging, resulting in insecure practices such as reusing passwords or sharing them informally, but it is imperative for the protection of all personal information to maintain a strong password hygiene system. 

As a result of using secure password management tools such as those offered by The Password Factory, enabling multi-factor authentication, and avoiding the temptation to share credentials with others, cyber threats can be dramatically reduced, while account integrity and data security can be preserved. 

Strengthening Security Through Proactive Measures

When it comes to improving cybersecurity, the first step is removing weak and reusing passwords from the system. For each account, users need to establish unique, complex passwords that are a considerable reduction of vulnerability to credential-based attacks. 

Multi-factor authentication (MFA) is another step in increasing the security of all supported accounts while adopting passkeys is another step towards making their passwords more secure and phishing-resistant. As a website administrator, it is essential to integrate leak detection mechanisms to identify and mitigate threats in real-time by identifying and resolving threats as soon as they arise. Automating the process of resetting compromised passwords further enhances security. 

Additionally, the implementation of protective measures, such as rate limiting and bot management tools, can help limit the impact of automated attacks on the website. To ensure that users' security posture is strengthened, they must conduct regular audits to identify trends in password reuse, detect exposed credentials, and enforce stringent password policies. 

Using these best practices will help both individuals and organizations strengthen their defences against cyber threats, thus minimizing the risk that their data will be compromised or unauthorized. In addition to safeguarding sensitive information, proactive security measures also contribute to ensuring that the digital environment is more resilient and less prone to cyber-attacks.
Read more »
Security Cameras
Encryption Hackers Passwords Privacy Security Cameras

Protect Your Security Cameras from Hackers with These Simple Steps

 



Security cameras are meant to keep us safe, but they can also become targets for hackers. If cybercriminals gain access, they can spy on you or tamper with your footage. To prevent this, follow these straightforward tips to ensure your security cameras remain under your control.

1. Avoid Cheap or Second-Hand Cameras

While it might be tempting to buy an inexpensive or used security camera, doing so can put your privacy at risk. Unknown brands or knockoffs may have weak security features, making them easier to hack. Used cameras, even if reset, could still contain old software vulnerabilities or even hidden malware. Always choose reputable brands with good security records.

2. Choose Cameras with Strong Encryption

Encryption ensures that your video data is protected from unauthorized access. Look for brands that offer end-to-end encryption, which keeps your footage secure even if intercepted. Some brands, like Ring and Arlo, provide full encryption options, while others offer partial protection. The more encryption a company provides, the better your data is protected.

3. Research Security Reputation Before Buying

Before purchasing a camera, check if the company has a history of data breaches or security flaws. Some brands have had incidents where hackers accessed user data, so it’s essential to choose a manufacturer with a strong commitment to cybersecurity. Look for companies that use offline storage or advanced security features to minimize risks.

4. Strengthen Your Wi-Fi and App Passwords

A weak Wi-Fi password can allow hackers to access all connected devices in your home, including security cameras. Always use a strong, unique password for both your Wi-Fi network and camera app. Enable encryption on your router, activate built-in firewalls, and consider using a virtual private network (VPN) for extra protection. If you experience life changes like moving or breaking up with a partner, update your passwords to prevent unauthorized access.

5. Keep Your Camera Software Updated

Security camera companies regularly release updates to fix vulnerabilities and improve protection. If your camera has an option for automatic updates, turn it on. If not, make sure to check for updates manually through your camera app to ensure your system has the latest security patches.

6. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second verification step, such as a text message or email code, before logging in. This prevents unauthorized users from accessing your camera, even if they have your password.


Modern security cameras are much safer than before, thanks to improved encryption and security features. Most hacking attempts happen when users fail to secure their accounts or choose unreliable brands. However, there is still a risk if the camera company itself experiences a data breach. To minimize exposure, consider cameras with local storage or privacy covers for indoor models.

Who Tries to Hack Security Cameras?

In most cases, security cameras are not hacked by strangers. Instead, unauthorized access usually comes from people you know, such as an ex-partner or family member who already has login details. Occasionally, unethical employees at security companies have been caught misusing access. Ensuring strong passwords, encryption, and additional security measures can help prevent these issues.

By following these simple steps, you can keep your security cameras safe from hackers and ensure your home remains private and secure.


Read more »
Passwords
2FA Data Breach Grubhub Passwords

Grubhub Data Breach Exposes Customer and Driver Information

 



Food delivery service Grubhub has suffered a security breach that exposed sensitive information belonging to customers, drivers, and merchants. The breach, caused by unauthorized access through a third-party service provider, compromised personal details, hashed passwords, and partial credit card information.  

Grubhub detected suspicious activity within its system, which was later traced to an account used by a third-party customer support provider. The company quickly revoked access to this account and removed the provider from its platform to prevent further unauthorized entry.  

What Information Was Compromised?

Hackers gained access to various user data, including:  

1. Full names, email addresses, and phone numbers  

2. Hashed passwords (which are encrypted for security)  

3. Partial credit card details (only the card type and last four digits)  

The breach affected individuals who had previously interacted with Grubhub’s customer support or used its campus dining services. However, full payment card details and bank account information were not accessed.  

Steps Taken by Grubhub  

In response to the breach, Grubhub has implemented several security measures:  

  • Resetting passwords for affected accounts  
  • Blocking access to the compromised third-party account  
  • Enhancing security protocols to prevent similar incidents in the future  

Although the exact number of affected users and the timeline of the breach have not been disclosed, Grubhub is working to strengthen its security systems. 

This breach comes as Grubhub prepares for a major business transition. Its parent company, Just Eat, is finalizing a $650 million sale of Grubhub to food hall startup Wonder. The deal, announced in November 2024, is expected to be completed by early 2025.  

How Users Can Stay Safe

If you have a Grubhub account, consider taking the following precautions:  

1. Update your password immediately, especially if you use the same password on other platforms.  

2. Turn on two-factor authentication (2FA) for extra security.  

3. Be cautious of phishing emails pretending to be from Grubhub.  

4. Monitor your credit card and bank statements for unusual activity.  

This incident underscores the risks associated with third-party service providers in handling user data. As cyber threats continue to rise, companies must implement stronger security measures to protect customer information and prevent future breaches.

Read more »
Subscribe to: Posts (Atom)