plaintext passwords – WindowsTechs.com

Popular family tracking app exposed real-time location data onto the internet – no password required

Posted on March 25, 2019 by Graham Cluley

More than 238,000 individuals users have had their family’s real-time location exposed for weeks on end after an app developer left sensitive data exposed on the internet, without a password. Many users of “Family Locator”, an iOS app… Continue reading Popular family tracking app exposed real-time location data onto the internet – no password required→

Millions of Facebook Passwords Kept in Plain Text for Employees to Access

Posted on March 22, 2019 by Luana Pascu

Perhaps we should all change our Facebook passwords to play it safe, following news that Facebook kept, from as early as 2012, “hundreds of millions” of user account passwords in plain text, making them available to some 20,000 employees, w… Continue reading Millions of Facebook Passwords Kept in Plain Text for Employees to Access→

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Posted on March 21, 2019 by BrianKrebs

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Continue reading Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years→

Millions of utilities customers’ passwords stored in plain text

Posted on February 27, 2019 by Lisa Vaas

Plain-text, unencrypted passwords were sent instead of having users reset them. There was no breach, the firm claims, but how would it know? Continue reading Millions of utilities customers’ passwords stored in plain text→

Instagram accidentally reveals plaintext passwords in URLs

Posted on November 20, 2018 by Lisa Vaas

It’s yet another security stumble following the massive Facebook hack in September, and it likely points to shoddy encryption practices. Continue reading Instagram accidentally reveals plaintext passwords in URLs→

Fetish app put users’ identities at risk with plain-text passwords

Posted on September 11, 2018 by Lisa Vaas

Whiplr, a naughty, naughty little app, has now secured passwords with “one-way encryption” and is “adding more security measures”. Continue reading Fetish app put users’ identities at risk with plain-text passwords→

Kid monitoring app TeenSafe exposes user data

Posted on May 21, 2018 by Luana Pascu

Phone application TeenSafe allegedly leaked thousands of passwords that were kept on a vulnerable Amazon server, found Robert Wiggins, a security researcher based in the UK. The application was created for parents to keep track of their children’… Continue reading Kid monitoring app TeenSafe exposes user data→

What online sex toys can teach you about secure coding

Posted on February 5, 2018 by Lisa Vaas

Like other IoT security flubs, this one is full of elementary errors that you’re just not supposed to make any more. Continue reading What online sex toys can teach you about secure coding→

Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

Posted on September 27, 2017 by Michael Mimoso

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate. Continue reading Gatekeeper Alone Won’t Mitigate Apple Keychain Attack→

macOS High Sierra Available—And Vulnerable to Keychain Attack

Posted on September 26, 2017 by Michael Mimoso

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched. Continue reading macOS High Sierra Available—And Vulnerable to Keychain Attack→