Siegrist: With the level and the scale of the transfer, we don't think a lot of data could have been taken--but certainly enough to cover people's usernames and [encrypted] passwords. That would be enough to set up a potential attacker so they could start going through and looking for people with weak master passwords without having to hit our servers. That's really the threat that we're concerned about and why we're handling it the way we are.
You can combine the user's e-mail, a guess on their master password, and the salt and do various rounds of one-way mathematics against it. When you do all of that, what you're potentially left with is the ability to see from that data whether a guess on a master password is correct without having to hit our servers directly through the website.
Hack Facebook Password Online Without Surveys
According to an online survey among over 2,000 U.S. adults conducted by Harris Poll on behalf of Dashlane, the leader in online identity and password management, nearly four in ten Americans (39%) would sacrifice sex for one year if it meant they never had to worry about being hacked, having their identity stolen, or their accounts breached. With a new hack or breach making news almost daily, people are constantly being reminded about the importance of secure passwords, yet some are still not following proper password protocol.
Many suggest that the switch in recent years from hacking-for-sport to hacking for financial gain represents an extremely serious escalation. This is sometimes offered as evidence that users must finally get serious about security, passwords must be done away with, etc. We offer the somewhat provocative thought that this switch is good news, not bad. The banking system has been hardened by centuries of exposure to fraud and money laundering. In spite of the enormous effort devoted to password-stealing, banks offer zero liability guarantees to customers and keep losses manageable. A fixed population of hackers will almost certainly do less harm by attacking hardened targets like banks than if they applied the same energy elsewhere. Getting in and getting out with money is a far harder problem than simply causing destruction. If the goal were mayhem and destruction rather than money-making we might be a great deal worse off.
Of course, passwords didn't die, and now millions upon millions of users have weak, easy-to-hack passwords on social networking sites. The answer to the password problem may be even more research, although in another paper Herley estimated that "the time spent managing complex passwords could cost U.S. businesses billions of dollars in lost productivity each year."
Apple says that hackers obtained nude photos of female celebrities by breaking into their individual accounts. But the company says it was not a broad breach of its online services. Security experts say the attack should be an eye-opener for everyone who stores information online. NPR's Laura Sydell reports.
LAURA SYDELL, BYLINE: "Hunger Games" star Jennifer Lawrence first contacted authorities on Sunday evening after the images began appearing online. Photos of other celebrities such as Kirsten Dunst and Kate Upton also began to appear. In a statement, Apple said the hackers didn't penetrate its systems. Instead they got access to the pictures through a targeted attack on usernames, passwords and security questions. Nico Sell, a security expert, says that most people only have one password and hackers use algorithms to guess them and they can search the web for personal information to fill in security questions.
The hacker first obtained the password of an Uber employee, likely through phishing. The hacker then bombarded the employee with push notifications asking them to confirm a remote log-in to their account. When the employee did not respond, the hacker reached out via WhatsApp, posing as a fellow worker from the IT department and expressing urgency. Ultimately, the employee caved and confirmed with a mouse click.
A recent survey conducted by Nudge with 506 respondents from South Africa (283), Ghana (66), Kenya (126) and Tanzania (32), revealed that 56% of the respondents were confident of their online password strength, while only 3% felt that their passwords were very vulnerable. These statistics are alarmingly high when in reality many people have bad habits when it comes to their password safety.