#credential-stuffing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #credential-stuffing, aggregated by home.social.
-
🚨 149M credentials exposed: Gov accounts, banks, crypto wallets hit in 96GB breach
Database sat unprotected for weeks. Multi-factor auth now critical.
#AdwaitX #Cybersecurity #DataBreach #InfoSec #CyberThreats #CredentialStuffing #news #tech #technology
https://www.adwaitx.com/149m-credentials-infostealer-breach-2026/
-
Have I Been Pwned (HIBP) adds nearly 2 billion email addresses from Synthient credential-stuffing data, expanding the exposure database and underscoring the risk of reused passwords. 🔐💥 Read the full details: https://cyberinsider.com/hibp-adds-2-billion-leaked-emails-from-credential-stuffing-dataset/ #CyberSecurity #HIBP #CredentialStuffing #DataBreach #PasswordSecurity
#privacy #security -
🥱Oh no, yet another riveting tale of "credential stuffing"—because apparently, reminding us that passwords are our Achilles' heel never gets old. 🤪 Dan Moore heroically informs us that attackers are... get this... using stolen credentials! 😱 Next thing you know, he'll reveal that water is wet and the sky is blue. 🌧️🌤️
https://ciamweekly.substack.com/p/credential-stuffing #credentialstuffing #passwordsecurity #cybersecurity #databreach #onlineprivacy #HackerNews #ngated -
DraftKings Warns Users of Credential Stuffing Attacks https://www.securityweek.com/draftkings-warns-users-of-credential-stuffing-attacks/ #credentialstuffing #DataBreaches #databreach #DraftKings
-
DraftKings Warns Users of Credential Stuffing Attacks https://www.securityweek.com/draftkings-warns-users-of-credential-stuffing-attacks/ #credentialstuffing #DataBreaches #databreach #DraftKings
-
DraftKings just faced a breach—not from some sci-fi hack but through the all-too-common tactic of credential stuffing. Reusing passwords made it easy for attackers. How secure are your accounts? Dive in to learn the warning signs and how to protect yourself.
https://thedefendopsdiaries.com/credential-stuffing-lessons-from-the-draftkings-breach/
#credentialstuffing
#databreach
#passwordsecurity
#multifactorauthentication
#cybersecuritytips -
Meldepflicht: Über 150 Cyberangriffe beim Bacs gemeldet - inside-it.ch https://www.inside-it.ch/meldepflicht-uber-150-cyberangriffe-beim-bacs-gemeldet-20250929 #KRITIS #Hacking #dDoS #CredentialTheft #CredentialStuffing #Ransomware #Malware #DataLeak #Datenleck #Datenschutz #privacy
-
Datenlecks bei #Cartier, #Northface und Victoria's Secret | Security https://www.heise.de/news/Datenlecks-bei-Cartier-Northface-und-Victoria-s-Secret-10435786.html #VictoriasSecret #Datenleck #Datenschutz #privacy #DataLeak #CyberCrime #CredentialStuffing
-
Thousands Hit by The North Face Credential Stuffing Attack https://www.securityweek.com/thousands-hit-by-the-north-face-credential-stuffing-attack/ #credentialstuffing #DataBreaches #TheNorthFace #databreach
-
Thousands Hit by The North Face Credential Stuffing Attack https://www.securityweek.com/thousands-hit-by-the-north-face-credential-stuffing-attack/ #credentialstuffing #DataBreaches #TheNorthFace #databreach
-
Our latest post is out, check it out for the full details here 👉 https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/
If you're short on time, here's a quick rundown of the key stories:
🇦🇺 Australian Pension Funds Under Attack: A significant credential stuffing campaign hit multiple Aussie superannuation funds (Australian Super, REST, Hostplus, Insignia, ART) over the March 29-30 weekend. Attackers used stolen creds, likely targeting web portals and mobile apps, accessing accounts and unfortunately stealing funds in some cases (reports mention ~AU$500k from four Australian Super members alone). ASFA is coordinating the response. A stark reminder about password reuse and MFA effectiveness, especially during off-hours!
🏛️ Shake-up at NSA/Cyber Command: Big news out of the US – Gen. Timothy Haugh has been fired from his dual-hat role leading the NSA and USCYBERCOM after just over a year. Deputy Director Wendy Noble is also reportedly out. Reasons are murky, but speculation points towards political motivations (linked to Laura Loomer's visit with President Trump). This raises questions about stability, the ongoing 'Cybercom 2.0' review, and the future of the dual-hat structure, especially with ongoing nation-state threats.
⏱️ Incident Response Speed vs. Backups: An interesting debate highlighted recently – while backups are vital for recovery, is rapid IR potentially even more critical? It’s a tough balancing act: contain fast (risking tipping off attackers/losing evidence) or investigate thoroughly while the breach continues? Emphasises the need for skilled responders and adequate tooling, not just relying on backups as a silver bullet.
⚠️ Critical RCE in Apache Parquet (CVE-2025-30065): Heads up, data folks! A CVSS 10.0 RCE vulnerability has been found in the widely used Apache Parquet columnar storage format (up to v1.15.0). Given its use in Hadoop, AWS, Azure, GCP, and by major tech companies, the potential impact is huge. Patch to version 1.15.1 ASAP!
📱 Pentagon Probes Defense Secretary's Signal Use: The DoD's Inspector General is investigating Defense Secretary Pete Hegseth's use of Signal for official business. This follows a report where a journalist was accidentally added to a Signal chat discussing sensitive airstrike details (targets, timing). Raises concerns about classified info on unclassified apps, need-to-know, and record-keeping compliance.
The full blog post dives deeper into each of these stories and much more. Don't forget to sign up to our newsletter so you can get this daily wrap-up straight to your inbox!
📨 https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/#/portal/signup
What are your biggest takeaways from this week's news? Let's discuss below!
#CyberSecurity #InfoSec #ThreatIntel #DataBreach #CredentialStuffing #Ransomware #Phishing #Vulnerability #ApacheParquet #NSA #CyberCommand #IncidentResponse #CloudSecurity #NationalSecurity #Espionage #Privacy
-
Intelligente Cyberabwehr fängt bei den Mitarbeitern an
Schutz vor Cyberbedrohungen: Best Practices und Lösungen | heise https://business-services.heise.de/security/bedrohungen-schwachstellen/beitrag/intelligente-cyberabwehr-faengt-bei-den-mitarbeitern-an-4873 #CredentialStuffing #Phishing #Deepfake #ArtifificialIntelligence #SocialEngineering #CyberSecurity #HumanFactor #SecurityAwareness #HumanRiskManagement
-
How a Global Insurer Protects Customer Data & Achieves Compliance With DataDome – Source: securityboulevard.com https://ciso2ciso.com/how-a-global-insurer-protects-customer-data-achieves-compliance-with-datadome-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #fakeaccountcreation #brute-forceattacks #credentialstuffing #CyberSecurityNews #SecurityBoulevard #CustomerStories #onlinefraud #bottraffic
-
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits https://hackread.com/fortiguard-labs-ec2-grouper-aws-credential-exploits/ #CredentialStuffing #Cybersecurity #Vulnerability #CyberAttacks #EC2Grouper #Security #AWS
-
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits – Source:hackread.com https://ciso2ciso.com/fortiguard-labs-links-new-ec2-grouper-hackers-to-aws-credential-exploits-sourcehackread-com/ #1CyberSecurityNewsPost #CredentialStuffing #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttacks #EC2Grouper #Hackread #security #AWS
-
Not sure who is playing around, but I don't use my Proton Mail account for things like this.
-
@bsi -Warnung: Vermehrte #BruteForce-Angriffe auf #Citrix Netscaler Gateways | Security https://www.heise.de/news/BSI-Warnung-Vermehrte-Brute-Force-Angriffe-auf-Citrix-Netscaler-Gateways-10194910.html #CirtrixNetscaler #CredentialStuffing
-
Radiology provider exposed tens of thousands of patient files https://www.malwarebytes.com/blog/news/2024/10/radiology-provider-exposes-tens-of-thousands-of-patient-files #credentialstuffing #AItraining #Privacy #News #imed
-
Nach Cyberangriff: Solaranbieter "#Qcells" informiert Kunden über #Datenleck | Security https://www.heise.de/news/Nach-Cyberangriff-Solaranbieter-Qcells-informiert-Kunden-ueber-Datenleck-9852641.html #DataLeak #Datenschutz #privacy #DSGVO #GDPR #Phishing #CredentialStuffing
-
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds https://www.securityweek.com/stolen-credentials-have-turned-saas-apps-into-attackers-playgrounds/ #credentialstuffing #Identity&Access #credentials #BlackHat #SaaS
-
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds https://www.securityweek.com/stolen-credentials-have-turned-saas-apps-into-attackers-playgrounds/ #credentialstuffing #Identity&Access #credentials #BlackHat #SaaS
-
#RockYou2024: Wohl bislang größter #Passwort #Leak - #Achtung an alle, die ihre #Passwörter wiederverwenden oder dasselbe Passwort für den gleichen Dienst nutzen! #CredentialStuffing
"Höchstwahrscheinlich enthält die neueste RockYou-Version Informationen aus über 4.000 Datenbanken, die man über mehr als zwei Jahrzehnte zusammengetragen hat. In der Zukunft muss man mit vielen weiteren Datenlecks rechnen."
-
Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks https://www.securityweek.com/amtrak-says-guest-rewards-accounts-hacked-in-credential-stuffing-attacks/ #credentialstuffing #DataBreaches #Amtrak
-
Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks https://www.securityweek.com/amtrak-says-guest-rewards-accounts-hacked-in-credential-stuffing-attacks/ #credentialstuffing #DataBreaches #Amtrak
-
Battered and bruised 23andMe faces probe after hack that stole seven million users’ data https://www.bitdefender.com/blog/hotforsecurity/battered-and-bruised-23andme-faces-probe-after-hack-that-stole-seven-million-users-data/ #credentialstuffing #databreach #Guestblog #Lawℴ #Dataloss #23andMe #DNA
