Every law has its loophole, and it seems every security measure has its hack. A few weeks ago, in fact, we talked about the peculiar hack apparently suffered by none other than the NSA, the U.S. National Security Agency. But recent as it is, even that is not the latest massive leak suffered by a well-known organization, and 2016 is indeed a strong candidate to be the year of mass account hacks.
A few hours ago it was news that some 800,000 accounts on Brazzers, a pornographic content website, had been exposed due to a security flaw. It is yet another leak of the private data of thousands of users. Which others have happened during this rough 2016?
New year, new hack
Although what most comes to mind regarding torrent downloads may be the relatively recent closure of Kickass, or the clones that sprang up like mushrooms almost immediately, the year began with the news that BitTorrent had been hacked. Both Troy Hunt, who runs Have I Been Pwned (a website that checks whether our email has been affected by any of these leaks), and Motherboard had access to the data.
BitTorrent confirmed that there had been a security issue that allowed access to user accounts, 34,000 of them in particular. Access was possible because of the SHA1 security algorithm used, which has long been considered obsolete and does not hinder hackers much.
Game Over for Neopets
Again Motherboard and Have I Been Pwned, as well as LeakedSource (a website along the lines of HIBP), reported on the massive hack suffered by the virtual pets website Neopets. The game's company, JumpStart, collects some personal data, which was apparently accessed up to 2014, the year JumpStart acquired Neopets.
Apparently, a total of 70 million accounts were hacked, after which users were notified that they had to change their passwords. According to HIBP, the compromised data included dates of birth, geographic locations, IP addresses, passwords or email addresses.
LinkedIn: giving more work than was sought
While in the NSA case we saw the information being auctioned, what came in mid-May was a direct sale. In this case it was emails and passwords of accounts on LinkedIn, the service that a few months later would become Microsoft's. As usually happens with these hacks, the number of accounts was quite spectacular, in this case up to 117 million affected users.
The price of the LinkedIn information was about 2,000 euros
Apparently the service had a security hole that allowed some 6.5 million passwords to come to light in 2012. It was at that moment that Peace (the author) supposedly obtained the information that was being offered on The Real Deal (a Deep Web market). The price? Five bitcoins (the usual currency when we talk about these purchases), i.e. about 2,700 euros. Alongside it was the LeakedSource website, which said it had data on up to nearly 170 million accounts, topping the podium of leaks by number of affected users at the time.
The case of Tumblr
If LinkedIn was catapulted to pole position among the hacks, Tumblr did not stay far behind that same month. The microblogging service made public that there had been external access to a set of emails and passwords in early 2013, assuring that the security hole had been located and corrected. In total, more than 65 million were affected.
This was verified on Have I Been Pwned by Troy Hunt, who had access to the leaked data. As LinkedIn did, Tumblr requested a password change and also enabled two-step verification to increase security.
Social networks are not spared even if they are old: MySpace
Again it was LeakedSource that claimed to have another batch of millions of private records from a well-known service, although one whose glory years were long past. Depending on our age and how long we have been browsing digital services, MySpace will sound more or less familiar: it was one of the seeds of the digital social phenomenon and, although it is used less and less, it is still a database and, therefore, a target for hacks.
A leak of 427,484,128 passwords, affecting about 360 million users
In this month of May, chaotic in terms of privacy, they also claimed a leak of 427,484,128 passwords, affecting about 360 million users. As stated on their website, the information was provided to them by a user (Tessa88@exploit.im) who was able to access a server protected, again, by the SHA1 algorithm. This hack, incidentally, took pole position by number of affected users and remains in first place.
A date with leaks: Badoo
Just over a year ago Ashley Madison was also the protagonist of a leak of its customers' data, but it was not the only dating and meeting site affected. At the beginning of last June, Motherboard published a piece about personal data of Badoo users circulating on the Deep Web.
Emails, passwords, dates of birth and full names were uploaded to LeakedSource and shared with Motherboard, apparently totaling 127,343,437 records. In this case the security algorithm was MD5, which has not posed much of a problem for hackers for a long time. For its part, Badoo denied to Motherboard that a hack had taken place and said that they continually monitored security.
The “no-hack” of VK
Continuing with social targets, this time it was a service created by Pavel Durov, the CEO of Telegram (who would later sell it), and which is most popular in Russia. VK, a network similar to Facebook, was hacked by “Peace” last June, as reported by Motherboard, to which the hacker showed that information.
There were a total of 100,544,934 records, including names, emails, phone numbers and passwords, belonging to about 100 million users. As we have seen in other cases, the author put a price on this wealth of information, in this case one bitcoin (544 euros), also on The Real Deal.
Here LeakedSource again cited the involvement of the user Tessa88@exploit.im, and added that the most popular password was ‘123456’, seen in more than 700,000 cases (it was also the most common in the LinkedIn case). Despite being one of the sites that appear in the Have I Been Pwned list, VK denied that there had been a security breach and said that it was “old users/passwords that had been collected in 2011-2012”.
Dropbox: a full history with a recent cherry on top
Dropbox is one of the first services to fill the cloud with our virtual belongings, including all kinds of files and personal data, and it has been the protagonist of several incidents that compromised their security. Back in 2012 a security breach led to users receiving spam in their email accounts, an issue that was later confirmed when the company announced that it was investigating it.
Two years later there was another leak affecting 7 million users. These events, on top of the earlier ones, were affecting the service's reputation, with the “help” of Snowden, who pointed out that by using it we put our privacy at risk and linked it to PRISM, to which Dropbox responded by denying this link.
Safeguarding the information of our users is a priority for Dropbox. We are not committed to PRISM, and we resist collaborating with any program of this type.
Among the causes of the Dropbox leak is also the SHA1 algorithm
And apparently even-numbered years do not favor the company of the blue box. A few days ago a new Dropbox hack was confirmed, after the company asked users who have had an account since before 2012 to change their password as a general preventive measure (in principle). A total of 68 million accounts were compromised, and here again the SHA1 algorithm appears, whose obsolescence was already discussed in the MySpace case.
Last.FM, the latest hacked
The social music platform is the latest to join this list of massive 2016 hacks, even though the leak occurred in 2012. In this case Ars Technica speaks of more than 43 million affected accounts, with two factors seen in other hacks appearing here too: the surprising abundance of the password “123456” (255,000 users, and another 92,000 with “password”) and the MD5 security algorithm.
Again the password “123456” was the most common
LeakedSource, also the source of this leak, explained that it took them only two hours to reveal 96% of the passwords. In addition, it indicates that starting next month there will be still more revelations of massive leaks, without specifying any further detail.
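Why the MD5 and SHA1 storage mentioned in these cases protects so little once a database leaks, as an added example (not code from any of the services or sources cited): with a fast hash and no salt, everyone who chose “123456” ends up with the same stored value, while a per-user salt with a slow function such as scrypt does not. The account list is constructed, and the assumption that the leaked hashes were unsalted is not stated in the article.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); three users share one password.
ACCOUNTS = {
    "ana": "123456",
    "ben": "123456",
    "cho": "password",
    "dev": "123456",
    "eli": "T7#vq-Lm2!xR",
}

def unsalted_md5(password):
    """Legacy storage (assumed unsalted): one fast hash, same input -> same output."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_scrypt(password, salt=None):
    """Per-user random salt plus a memory-hard KDF; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_scrypt(password, salt)[1], expected)

def largest_shared_group(stored_values):
    """Size of the biggest set of accounts whose stored value is identical."""
    return max(Counter(stored_values).values())

def audit():
    """Return (legacy, modern): how many accounts share one stored value."""
    legacy = [unsalted_md5(p) for p in ACCOUNTS.values()]
    modern = [salted_scrypt(p)[1] for p in ACCOUNTS.values()]
    return largest_shared_group(legacy), largest_shared_group(modern)

if __name__ == "__main__":
    legacy_dupes, modern_dupes = audit()
    print("accounts sharing one stored value (unsalted MD5):", legacy_dupes)
    print("accounts sharing one stored value (salted scrypt):", modern_dupes)
```

In the unsalted column the most common password is visible as a repeated value before any guessing happens; with salts, each account has to be attacked separately and each guess costs a full scrypt computation.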
Worried about your accounts? Ask the experts
I mentioned Have I Been Pwned earlier when talking about the LinkedIn leak. This website is a compilation of major leaks and hacks of services like the ones cited here, made by Troy Hunt, a security expert. In addition to this information, the site offers a verification service in case we want to know whether our email is in one of those leaks.
Hunt himself explained in detail how he verifies these leaks to confirm that they are genuine. So if we have doubts about our email accounts, we can easily see whether they have been affected by any of the leaks, or have the site notify us when they are.
Is this your case? If the search shows that your email appears in one or more of the cases, it is best to change the password (if you tend to reuse it on other services, it would not hurt to change it there too). Another useful precaution is to use two-step verification when it is available, as well as to avoid passwords of the “dadada” type and to use, for example, password generators (mixing symbols, numbers, and uppercase and lowercase letters).