Are you one of those people who use the simple passwords because you aren’t feeling that creative, don’t want to remember anything complex, or just don’t think it’s important? Hopefully that’s not you, because you’re on metaPassword, so you only have to remember one password.
See the list of the most common 200 passwords and be content that you use the best tool on the internet to ensure your passwords and accounts are secure!
Check out this video from the Wall Street Journal that describes why common password rules such as forcing certain character sets on people is actually making the passwords less secure.
Know of a site that frustrated you because of its stupid password rules? Add it here.
We are also adamantly against requiring questions and answers to permit users to reset their passwords. We all know that people reuse these questions and answers all over the internet. A security breach on one site could compromise many sites. Don’t give real or consistent answers to these questions! If you are permitted to make up your own questions, do that, and make them unique every time. You can use metaPassword to answer the questions! Simply enter the entire question into the Site Name to get a unique “answer” every time!
If you avoid security questions you won’t be vulnerable to this Facebook scam.
This is a perfect example of how hackers use social engineering to steal your sensitive personal information.
Watch how Jessica Clark obtains someone’s personal email address, adds herself to the account and changes the password.
T-Mobile reported that its cyber-security team “discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities.” The data theft occurred in the morning on Monday, August 20, 2018.
According to Motherboard, the hackers exploited an internal API (application programming interface) on its servers that handled personal information.
The data from approximately 2 million people included:
Source: https://www.pcworld.com/article/3300160/security/t-mobile-data-hack-faq.html
Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc’s restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.
Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.
A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.
Stolen data included account numbers and internal verification codes. The malware has since been removed.
The information could be used to drain debit card-linked bank accounts, make “clone” credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.
Source: https://www.reuters.com/article/us-chipotle-cyber-idUSKBN18M2BY
It was originally reported that the personal data of 4 million current, former and potential federal employees was stolen from the Office of Personnel Management (OPM) web site. Now that total is believed to be closer to 18 million records.
The Chinese government is believed to be the source of the attack, although they have disputed this statement.
The OPM office learned of the data breach after it launched an effort to tighten its cyber security defense system. When it found malicious activity authorities used a system called EINSTEIN to unearth the information breach in April, the Department of Homeland Security said.
Read the full story on CNN.
Digital Constitution, Microsoft’s site dedicated to combating US surveillance, was breached the evening of June 17. The hackers may have used vulnerabilities found in an order version of WordPress to gain entry. The site was displaying spam links to casino-related pages.
The full story is available on ZDnet.
The popular but vulnerable tool to store your passwords has been hacked according to a posting on their own web site.
They detected an intrusion to their servers and said that while encrypted user data (aka your stored passwords for other sites) was not stolen the hackers did take LastPass account email addresses, password reminders, server per user salts and authentication hashes. If you use this service you should change your login password immediately.
This loss of sensitive information will never happen using our service, metaPassword, since your password never leaves your browser. It is never stored on our server, so your master password remains secure no matter what.
See:
http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
Heartbleed, a play on words from the OpenSSL feature called “Heartbeat,” was discovered by a Google researcher and a Finland-based security company, Codenomicon.
Articles at the Washington Post and many other sources are pointing out the potential for widespread security problems.
The vulnerability could allow hackers to access encrypted data online, including sensitive data such as user names, passwords, credit card numbers and Social Security numbers. Some researchers believe that hackers might even have been able to access encryption keys that can unlock Internet traffic on a mass scale, even when the data have been stored for years.
Companies and government agencies have been scrambling for days to correct the flaw by updating software. Dozens of popular Web sites, including Yahoo, have proved vulnerable to data theft this week. Because the exploitation of the flaw leaves no traces, it is extremely difficult to know what sites were compromised between the introduction of the flaw in March 2012.
Test your server for the flaw using these resources: