Personal note

Even though I've been very short on time this week, I seem to have written longer summaries than usual. Consider yourself warned. And I'll try to keep them shorter next time ;-)

Dieter Van der Stock

Breaches and leaks

  • Facebook: djees Facebook, enough already. I am not giving you your own item this week, stop trying. The news this time is that they found even more passwords logged in plain text, impacting millions of Instagram users.
  • Facebook, again: Sigh. Apparently when they asked users for their e-mail passwords, as reported on last week, they also uploaded these people's e-mail contacts without anyone's consent.
  • This was a big one. The decentralised communication project was hacked through a vulnerable Jenkins server. The attacker had access to unencrypted messages, access tokens and password hashes, but also posted GitHub issues detailing how he got in. Hacker News discussion here.
  • FBI-NAA: the FBI National Academy Association had several websites breached and defaced, giving the attackers personal details on several thousand federal officers. The attackers claim they have much more, and are gearing up to sell.
  • Round 5 database dumps: the same person who previously sold credential dumps in several rounds, belonging to companies like 500px, Under Armour and others, published a new breach set for sale, this time totalling 65 million records. He says he's going for the 1 billion, and is nearly there.