The worst passwords of 2019

Independent researchers, who asked to remain anonymous, compiled a list of the 200 most popular passwords leaked in data breaches in 2019 alone and shared it with security firm NordPass. The database contains 500 million leaked passwords.

“The most popular passwords contain all the obvious and easy to guess number combinations (12345, 111111, 123321), popular female names (Nicole, Jessica, Hannah), and just strings of letters forming a horizontal or vertical line on a QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx, etc.). Surprisingly, the most obvious one — “password” — remains very popular: 830,846 people still use it.”

Below are the recommendations provided by the experts:
1. Go over all the accounts you have and delete the ones you no longer use.
2. Update all your passwords and use unique, complex passwords to protect your accounts. Use a password generator.
3. Use two-factor authentication if you can.
4. Set up a password manager.
5. Be vigilant for suspicious activity. If you notice something unusual, change your password immediately.

Read more about it here.
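The pattern classes named in the quote above (number combinations, names, horizontal or vertical keyboard lines) can be screened for when a password is set, and recommendation 2 can be met with a generator that draws from the OS random source. The following Python sketch is an added example, not code from NordPass or the researchers; the blocklist holds only the passwords quoted on this page, and the function names and the 20-character default are assumptions.

```python
import secrets
import string
from typing import Optional

# Constructed sample blocklist holding only the passwords quoted on this page;
# a real deployment would load a full breached-password list instead.
BLOCKLIST = {"12345", "111111", "123321", "password", "nicole", "jessica",
             "hannah", "asdfghjkl", "qazwsx", "1qaz2wsx"}

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Vertical lines on the keyboard: "1qaz", "2wsx", "3edc", ...
COLS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
LINES = ROWS + COLS
LINES = LINES + [line[::-1] for line in LINES]  # also match reversed direction


def is_keyboard_walk(pw: str) -> bool:
    """True if pw consists entirely of runs (3+ chars) along a key row or column."""
    s = pw.lower()
    ok = [True] + [False] * len(s)  # ok[i]: s[:i] is fully covered by runs
    for i in range(3, len(s) + 1):
        ok[i] = any(ok[j] and any(s[j:i] in line for line in LINES)
                    for j in range(i - 2))
    return len(s) >= 3 and ok[len(s)]


def weakness(pw: str) -> Optional[str]:
    """Return the reason pw should be rejected, or None if no check fires."""
    s = pw.lower()
    if s in BLOCKLIST:
        return "known leaked password"
    if len(set(s)) == 1:
        return "single repeated character"
    if s.isdigit():
        return "digits only"
    if is_keyboard_walk(s):
        return "keyboard line"
    return None


def generate(length: int = 20) -> str:
    """Random password from the OS CSPRNG that passes the checks above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if weakness(pw) is None:
            return pw
```

A `None` result only means none of these four checks fired; it is not a measure of strength.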

A thief stole payroll data of Facebook employees

On Dec. 13, 2019, Facebook informed its employees that hard drives containing payroll information for 29,000 of its workers were stolen from a car.

The hard drives were unencrypted and contained information on US employees who worked at Facebook in 2018, exposing their bank account numbers, employee names, the last four digits of their Social Security Numbers, their salaries, bonuses and equity details.

The theft took place on November 17, 2019, and Facebook discovered it on November 20.

The hard drives were left in the car by a member of Facebook’s payroll department. They were not supposed to leave the office.

Read more about it here.

Mixcloud has been hacked

British music streaming service Mixcloud disclosed that hackers gained access to some of its systems in early November 2019. The hackers were able to access user data, including usernames, email addresses, SHA-2 hashed passwords, account sign-up dates, the country from which the user signed up, last login dates, IP addresses, and links to profile photos. The actual passwords were stolen, and the SHA-2 hashed passwords are considered nearly impossible to unscramble.

Although Mixcloud hasn’t revealed the true scale of the attack, the alleged hacker told various news sources that the trove contained details of at least 20 million customers, and offered it for sale on the dark web for 0.5 Bitcoin (about $4,000).

Read more about it here.