The biggest hacks and data breaches of 2020

[techietraveller84]

This is quite a list, and I'm sure it's just the tip of the iceberg. The scary thing is that most of this year's hacks and breaches probably haven't even been discovered yet.

 

Keep changing those passwords.

 

https://www.zdnet.com/article/the-biggest-hacks-data-breaches-of-2020/

[FritsSikkink]

25 minutes ago, techietraveller84 said:

This is quite a list, and I'm sure it's just the tip of the iceberg. The scary thing is that most of this year's hacks and breaches probably haven't even been discovered yet.

 

Keep changing those passwords.

 

https://www.zdnet.com/article/the-biggest-hacks-data-breaches-of-2020/

Not only change them but choose one which takes longer to hack.   http://keithieopia.com/post/2017-12-13-passwd-crack-time/

 

[techietraveller84]

22 hours ago, FritsSikkink said:

Not only change them but choose one which takes longer to hack.   http://keithieopia.com/post/2017-12-13-passwd-crack-time/

 

 

Very true. For those struggling to finally update their passwords, here's a simplified chart on password strength that I think does a great job illustrating how much this matters.

[Tropicalevo]

17 minutes ago, techietraveller84 said:

here's a simplified chart on password strength that I think does a great job illustrating how much this matters.

Interesting chart. Thank you.

[WebGuy]

... and many more that do not report breaches to avoid being compromised.

In reality it is not complicated to keep information systems secure but employees must be trained regularly

[Mike Teavee]

I got an alert that somebody had logged into my Apple account from China, fortunately I was able to deny them access & reset my password but When companies like FireEye are getting hacked https://www.cnet.com/news/fireeye-hack-cybersecurity-firm-says-nation-state-stole-attacking-tools/

 

It makes you wonder can you ever be really safe.

A little less safe now as the hackers stole their Red Hat hacking tools used to Pen Test large companies & government agencies 

 

[techietraveller84]

Yep, if Fireeye can get hacked, then none of us are safe, no matter what we do. Just have to stay low key and uninteresting.

[KhunHeineken]

On 12/8/2020 at 8:03 AM, techietraveller84 said:

Keep changing those passwords.

Not meaning to hijack your thread, but maybe a quick side discussion is ok.

 

Is anyone using a password manager? 

 

I have thought about using one, but then thought, if the one password I have to get into the password manager is hacked or compromised, they would have access to every account I have online and can do untold damage, so I opted to not use one, but I do see their benefits.  

[techietraveller84]

Totally valid question, and something I wondered about as well.  Last Pass is a big player in the password manager business, and the image attached gives a sense of their security concept. Of course, nothing is perfect, but there are varying degrees of secure.

[berrec]

On 12/11/2020 at 6:50 AM, KhunHeineken said:

Not meaning to hijack your thread, but maybe a quick side discussion is ok.

 

Is anyone using a password manager? 

 

I have thought about using one, but then thought, if the one password I have to get into the password manager is hacked or compromised, they would have access to every account I have online and can do untold damage, so I opted to not use one, but I do see their benefits.  

1Password  https://1password.com/

[KhunHeineken]

On 12/12/2020 at 6:20 PM, berrec said:

1Password  https://1password.com/

There are many password manager companies out there.  Does any member use a password manager?  If so, are you concerned that if your password is compromised, someone would have access to every online account you have?  Do any password managers offer 2 Stage Authentication?  If they did, I would probably sign up.  

[techietraveller84]

23 hours ago, KhunHeineken said:

There are many password manager companies out there.  Does any member use a password manager?  If so, are you concerned that if your password is compromised, someone would have access to every online account you have?  Do any password managers offer 2 Stage Authentication?  If they did, I would probably sign up.  

LastPass has multi-factor (2 stage) authentication. https://www.lastpass.com/how-lastpass-works

[Moncul]

On 12/14/2020 at 3:23 AM, oby said:

biggest hack: 2020 US election fraud.

algorithm transferring millions of votes from trump to biden.

dominion machines used in last venuezuela, canada, and us elections denied democracy.

dominion machines ensure socialists win every time.

 

I see someone has drunk the trumpanzee Koolaid.

[Moncul]

On 12/9/2020 at 12:53 PM, WebGuy said:

... and many more that do not report breaches to avoid being compromised.

In reality it is not complicated to keep information systems secure but employees must be trained regularly

In reality, the more complex the system, the harder it is to protect.



 

[techietraveller84]

Updates on the SolarWinds hack are coming in a bit too slow. But at least journalists are doing some interesting analysis. I like this one by Geekwire.com titled, "How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks."

 

And here's the scale.

• Stage 0: The attackers have found or made an entry point to systems or the network but haven’t used it or took no action.
• Stage I: Attackers have control of a system but haven’t moved beyond the system to the broader network.
• Stage II: Attackers have moved to the broader network and are in “read-only” mode meaning they can read and steal data but not alter it.
• Stage III: Attackers have moved to the broader network and have “write” access to the network meaning they can alter data as well as read and steal it.
• Stage IV: Attackers have administrative control of the broader network meaning they can create accounts and new means of entry to the network as well as alter, read and steal data.

So which one does the SolarWinds hack fall under?

https://www.geekwire.com/2020/hacked-hacked-heres-hack-scale-better-understand-solarwinds-cyberattacks/

[Moncul]

In this case it's "networkS". Lots of them.

The first one giving access to the rest, and reaching Stage IV only dependent on the tools and skills of the defenders.

[techietraveller84]

Feels like 2021 has already delivered more high profile attacks than the first 11 months of 2020. Going to be a rough year on so many fronts.

 

February is already off to a strong start: Female escort review site data breach affects 470,000 members.

????

https://www.bleepingcomputer.com/news/security/female-escort-review-site-data-breach-affects-470-000-members/?&web_view=true

[KhunHeineken]

On 12/21/2020 at 12:13 PM, techietraveller84 said:

LastPass has multi-factor (2 stage) authentication. https://www.lastpass.com/how-lastpass-works

 

Thanks.  I'll check it out.  

[techietraveller84]

21 hours ago, KhunHeineken said:

 

Thanks.  I'll check it out.  

Now that the holidays are past and life is returning to normal, it's the perfect time. ????

[KhunHeineken]

5 hours ago, techietraveller84 said:

Now that the holidays are past and life is returning to normal, it's the perfect time. ????

Quick question.  Does software have to be installed on the computer?  I travel with my laptop, but in the past, on rare occasions, in small villages, I have had to use public computers for the purpose of printing out a form, signing it, scanning it, and emailing it back.  

 

[techietraveller84]

It's a browser extension that you would need to add to each browser you use on your personal computers. Unfortunately wouldn't help you much on public computers.