#DocMorris erneut Opfer von #CredentialStuffing | Security https://www.heise.de/news/DocMorris-erneut-Opfer-von-Credential-Stuffing-9242214.html

👋​Hey everyone!

We just released a new episode on the Shared Security Show discussing the White House's National Cybersecurity Strategy and BetterHelp's $7.8 million fine from the FTC.

We also cover credential stuffing attacks on Chick-fil-A and the importance of reading terms of service and privacy policies.

Tune in now to learn more!

Watch on YouTube: https://youtu.be/8u0Ht_K_gVU

Listen direct from our website:
https://sharedsecurity.net/2023/03/13/bidens-national-cybersecurity-strategy-betterhelps-ftc-fine-chick-fil-a-data-breach/

#podcast #cybersecurity #SharedSecurityShow #NationalCybersecurityStrategy #FTC #BetterHelp #CredentialStuffing

When you attempt to login on a website and it confirms that the email IS registered. I’ve heard that sites SHOULDN’T do that because it’s a security risk. How? How does knowing that X email is registered present a security risk? Is it due to the potential for credential stuffing / reuse attacks on that site or just user profile (I know Adam has an account at X)? #security #credentialreuse #credentialstuffing

LKA-Warnung: Kinderpornografie-Posts nach Facebook-Hacks | heise online https://www.heise.de/news/LKA-Warnung-Kinderpornografie-Posts-nach-Facebook-Hacks-7487612.html #FacebookHacking #Hacking #FacebookPhishing #CredentialStuffing #Phishing #ChildPorn #CSAM

@danhon #Phishing accounts on a devalued site, but phishing nonetheless. However, those who use the same #password elsewhere will become victims of #CredentialStuffing.

#infosec #security #cybersecurity

Attacke auf Online-Apotheke DocMorris: 20.000 Kundenkonten betroffen | heise online https://www.heise.de/news/Attacke-auf-Online-Apotheke-DocMorris-20-000-Kundenkonten-betroffen-7471797.html #Hacking #Datenschutz #privacy #DSGVO #GDPR #CredentialStuffing

925,000 #norton #LifeLock Accounts Targeted by Credential-Stuffing Attack - Slashdot https://it.slashdot.org/story/23/01/23/0435227/925000-norton-lifelock-accounts-targeted-by-credential-stuffing-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed
#CredentialStuffing

#Paypal: Datenleck nach Zugangsdaten-Durchtesten von Angreifern | heise online https://www.heise.de/news/Paypal-Datenleck-nach-Zugangsdaten-Durchtesten-von-Angreifern-7464993.html #CyberCrime #DataLeak #Datenschutz #privacy #ElectronicCash #CredentialStuffing

PayPal accounts breached in large-scale credential stuffing attack: January 19, 2023 09:47 AM

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

#Hack #PayPal #CredentialStuffing #Breach

#paypal Accounts #breached in Large-Scale #credentialstuffing Attack - Slashdot https://it.slashdot.org/story/23/01/20/1552237/paypal-accounts-breached-in-large-scale-credential-stuffing-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed
#breach

Social Security Numbers Stolen in PayPal Cyberattack

The Social Security numbers and other personal information of about 35,000 PayPal users were stolen in a December credential-stuffing attack. In addition to Social Security numbers, usernames, addresses, dates of birth and individual tax identification numbers also may have been compromised.

#fintech #paypal #cyberattack #databreach #credentialstuffing #security #cybersecurity #SSN #infosec #hackers #hacking #hacked

https://www.cnet.com/tech/services-and-software/social-security-numbers-stolen-in-paypal-cyber-attack/

From the ThreatX Labs labs team: @neocoder recently published “Anatomy of a Targeted Credential Stuffing Attack.”

This paper analyzes a recent distributed, botnet-based credential stuffing attack the Labs team observed. In the paper, @neocoder highlights exactly how these attacks are carried out.

The research paper is available here (no forms or anything like that): https://info.threatx.com/hubfs/ug/Credential_Stuffing-Anatomy.pdf

#credentialstuffing #securityresearch #security #botnet

Account #PayPal nel mirino di un attacco di #credentialstuffing: quelli compromessi potrebbero essere più del previsto https://www.cybersecurity360.it/news/account-paypal-nel-mirino-di-un-attacco-di-credential-stuffing-quelli-compromessi-potrebbero-essere-piu-del-previsto/?utm_source=dlvr.it&utm_medium=mastodon

PayPal notifies 34942 users of data breach over credential stuffing attack https://securityaffairs.com/141072/data-breach/paypal-data-breach-credential-stuffing.html #informationsecuritynews #ITInformationSecurity #credentialstuffing #PierluigiPaganini #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CyberCrime #DataBreach #Cybercrime #databreach #Hacking #PayPal

Just another friendly reminder to not reuse credentials - ever! I use a self hosted instance of bitwarden, but there are plenty of tools to manage credentials.

#cybersecuritynews #paypal #credentialstuffing #credentialstuffingattack

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/ #cybersecurity #PayPal #breach #credentialstuffing

Vor zwei Tagen hat #PayPal der Generalstaatsanwaltschaft im US-Bundesstaat Maine ein #Datenleck gemeldet.

Laut der Meldung führte ein Sicherheitsvorfall dazu, dass Unbefugte Zugang zu Namen, Adressen, Sozialversicherungsnummern, individuellen Steueridentifikationsnummern und Geburtsdaten erhielten [...] die Unbefugten konnten zwischen dem 6. Dezember 2022 und dem 8. Dezember 2022 auf die betroffenen Konten zugreifen".

#credentialstuffing

#xp

Artikel englisch
https://www.jdsupra.com/legalnews/paypal-inc-announces-data-breach-9072961/

Paypal: Datenleck nach Zugangsdaten-Durchtesten von Angreifern

Paypal hat ein Datenleck bei der Generalstaatsanwaltschaft von Maine gemeldet. Angreifer hätten Zugangsdaten durchgetestet und Zugriff auf Konten erhalten.

https://www.heise.de/news/Paypal-Datenleck-nach-Zugangsdaten-Durchtesten-von-Angreifern-7464993.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege

#CredentialStuffing #CyberAngriff #Cybercrime #Datenklau #Paypal #Security #Zugriff

It was a #CredentialStuffing attack, meaning the attackers just tried a bunch of breached email addresses and passwords from other sites. People who don't use the same email address and password on other sites were unaffected. Which includes you, right? RIGHT?

#PayPal #infosec #breach

📬 Credential Stuffing-Angriff auf PayPal: Fast 35.000 Konten infiltriert
#Cyberangriff #Datenschutz #2FA #CredentialStuffing #Datenleck #PasswortDatenbank #PasswortStrategie #PayPalKonto #Zugangsdaten https://tarnkappe.info/artikel/datenschutz/credential-stuffing-angriff-auf-paypal-fast-35-000-konten-infiltriert-263346.html