NationalPublicData.com Hack Exposes a Nation’s Data

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida. Continue reading NationalPublicData.com Hack Exposes a Nation’s Data

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Continue reading Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The Security Pros and Cons of Using Email Aliases

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website. Continue reading The Security Pros and Cons of Using Email Aliases

Troy Hunt Flags Up ‘Sensational’ Sextortion Bug in Grindr

Grindr, the popular dating app, had a ridiculous bug in its password-recovery flow. To make matters worse, Grindr ignored the bug for a week.
The post Troy Hunt Flags Up ‘Sensational’ Sextortion Bug in Grindr appeared first on Security Boulevard.
Continue reading Troy Hunt Flags Up ‘Sensational’ Sextortion Bug in Grindr

News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate

Threatpost editors discuss debunked reports of a Minneapolis police department breach and Zoom announcing only paying users would get end-to-end encryption. Continue reading News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case. Continue reading Ukraine Nabs Suspect in 773M Password ‘Megabreach’