

Last week, a reader referred me to a post by a guy named Andrew on the help forum. The credentials leaked in connection with breaches at those social networking sites were stolen years ago, but the full extent of the intrusions only became clear recently - when several huge archives of email addresses and hashed passwords from each service were posted to the dark web and to file-sharing sites. Today’s post examines some of the missteps that preceded this embarrassing and potentially brand-damaging “oops.” We’ll also explore the limits of automated threat intelligence gathering in an era of megabreaches like the ones revealed over the past week that exposed more than a half billion usernames and passwords stolen from Tumblr, MySpace and LinkedIn. The only problem with that notification was that Dropbox didn’t have a breach; the data appears instead to have come from another breach revealed this week at social network Tumblr.

Last week, LifeLock and several other identity theft protection firms erroneously alerted their customers to a breach at cloud storage giant - an incident that reportedly exposed some 73 million usernames and passwords.
