In May 2016, a search engine for hacked data and a hacker obtained over 400 million records from MySpace. Both parties claimed that they had obtained the data from a past, unreported data security incident. The leaked information contained emails, passwords, usernames, and second passwords. The hacker tried to sell the information for $2,800 or 6 Bitcoin on the dark web.
Summary: Hackers stole the details of 617 million online accounts from 16 hacked websites, including Dubsmash, MyHeritage, Whitepages, Fotolog, BookMate, CoffeeMeetsBagel, HauteLook, and DataCamp. They then put the details on the dark web Dream Market cyber-souk for less than $20,000 in Bitcoin. Most of the leaked information consisted of email addresses, account-holder names, and hashed passwords that had to be cracked before they could be used.
Pro Facebook Hack V 1.5 Password 2011
Summary: The hacker who stole 617 million records from the 16 sites earlier in this list stole another 127 million from 8 more websites. They pulled data from websites that included Houzz, Ge.tt, Ixigo, YouNow, Roll20, Coinmama, Stronghold Kingdoms, and PetFlow. After gathering all the information, the hacker put up the hacked data for $14,500 in Bitcoin. Most of the stolen information consisted of email addresses, names, scrambled passwords, and other account and login data.
Summary: A hacker leaked over 70 million prisoner phone calls from at least 37 states. The calls spanned almost two years, with the earliest record from December 2011 and the latest record from spring 2014. This leak potentially violated constitutional attorney-client protections since these records included links to recordings.
Summary: A hacker accessed 77 million Sony PSN and Qriocity user accounts. These users were also unable to go online for 23 days due to the hack. Although Sony encrypted all of the credit card information on its systems and there was no evidence that credit card data had been stolen, the hacker may have been able to access credit card numbers and CVV numbers. In addition, other personal data, such as names, email addresses, dates of birth, account passwords, and addresses, were also compromised.
That is a very poor and misguided response - it is the hacker who is responsible for illegally breaking into another persons property.Just because they have not secured something like this to the nth degree, does not mean that the hackers are not criminals. In Australia, we have council pick-ups, and we leave the recycling out on the footpath. If anyone else , except the council picks it up anything, legally it is stealing and can be arrested and convicted (it is still the homeowners property until the council picks it up). Same goes if they steal your locked car out of your garage - this is similar to hacking into their accounts.These people are highly disruptive to society and are criminals. Sure we can inform people on ways to better secure their accounts, just like we can inform people about security alarms, et cetera for cars. It does not matter how well secured a car is, a determined thief will find ways to steal the car, and the same applies for computers. To steal any car, no matter how well secured, even if it is left unlocked and they just take something from the car, it is still a criminal offence.Although I do fully agree with making accounts as secure as possible (I have for years been advising everyone I know into the habit of making them not only complex, but nothing related to them, and changing passwords regularly), As with cars, the more secure, the less likely there will be a problem.Several years ago I ran a experiment in a complex containing 18 different companies, With their approval, I tried to hack into their accounts and was successful with over half of them (10) within minutes, due to poor or no security (namely not changing the wifi passwords from factory settings), and I managed further intrusion on 6 out of the 10 due to poor passwords (2 actually used "password" and one used the company name to make it easy for the staff). They were shocked and amazed how easy it was and a major wake up call for them to improve their security.Legally, these people are criminals and should be treated as such!!!
Honestly I don't disagree with you at all that the criminals are the hackers and that what they are doing is bad. your analogy of your locked car inside your locked garage however doesn't quite hold up the same because when you put your information online you are inherently putting it in an insecure space where the entire world has access to it. It's more like you keep your locked car with a bunch of stuff inside of it in an unsupervised parking lot in the middle of downtown Detroit. Now we get to the fun bit, where your password is the equivalent to your car key. You use a car key right? Because locking it with a big button that says "Open Sesame!" would be stupid right?
wrong. regular people's account passwords are not "hacked" on a regular basis, and password rules have got out of control, forcing users to keep a log somewhere of all their passwords (or to get software to handle all their thousands of passwords). it's pretty ridiculous that someone needs to create an 8 digit mixed password with upper and lower case letters and special characters to add and/or check points on a baby diaper site. REALLY?!? Is some mastermind criminal going to steal my huggies account from me and tell the world how many diapers I buy a week?Passwords are phished, not hacked, and it is usually the user's fault by not following simple rules like "don't follow links in e-mail" or don't respond to pop-ups on the web that say "your computer is infected, quick! push this button", etc.I do agree that the people setting up these phish sites should be prosecuted harshly if they can be found, but there should really be a single point contact like "911" on a phone that people can report suspicious websites or e-mails so they can be shut down, and then they should be shut down immediately.
any hacker that plans on ever using brute force to hack into an account will already have a list like this containing thousands of passwords.many would rather ask a million people for their password, and would get a few thousand replies
As a computer professional I've been using 8 character/nummber/special character passwords for more than twenty years. Never been hacked. I hate websites that won't allow the use of special characters.
Any advice on how to remember these bizarro 12-character passwords that are meaningless strings? I currently have 84 sites that I use frequently, all password protected. Since I'm not supposed to use the same password for more than one site, and I'm not supposed to have easily remembered passwords, and I'm not supposed to write them down, then ??? Right now I have them all in a Word file called Read Me. I know no one ever looks at a Read Me file, so even if I'm hacked, I figure they're safe.
You can generate a password like "nA5Uma!!T5X#Va8u, D3ECeze#UtHac2Sa, 5ukE3+ph3truFEGa" using any online password generator and then just write down it on the desk, stiker or in the text file mypasswords.txt on the desktop or onedrive. Then when you enter a password on the facebook you input your changed password using your own modification formula.Sample formula 1: 5th letter increased three times (you shouldn't note or tell your formula, keep it in your mind)You passwords to access: "nA5Upa!!T5X#Va8u, D3ECjze#UtHac2Sa, 5ukE6+ph3truFEGa"Sample formula 2: add my favorite day at the begin and month at the end of password (you shouldn't note or tell your formula, keep it in your mind)You passwords to access: "31thnA5Uma!!T5X#Va8uAug, 31thD3ECeze#UtHac2SaAug, 31th5ukE3+ph3truFEGaAug"Sample formula 3: reverse 4 letters at the beginning and at the end (you shouldn't note or tell your formula, keep it in your mind)You passwords to access: "U5Anma!!T5X#u8aV, CE3Deze#UtHaaS2c, Eku53+ph3truaGEF"
Also you can use website name where you login in for your formula to make passwords different for each service. E'g. add the last and the first letter of the sitename after the fifth letter (facebook: nA5Umkfa!!T5X#Va8u, twitter: D3ECertze#UtHac2Sa, instagram: 5ukE3mi+ph3truFEGa).
The best formula is when new symbols appear in your open password, otherwise hackers can use dictionary from your password which is maximum of number of your password length. So the password "abc" changed to "cba" contains the same three letters and it's very easy to verify all variations "abc, bca, cab, ..." (6 variations). But if your formula adds some new symbols then it needs to verify all letters, symbols, numbers or punctuation.
In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Read more about Chinese data breaches in Have I Been Pwned.
In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down. The exposed data included more than 1.3 million unique email addresses, often accompanied by usernames, IP addresses and plain text or hashed passwords retrieved from various sources and intended to be used to compromise the victims' accounts. 2ff7e9595c
Comments