SIM swap scam: What it is and how to protect yourself

Here’s what to know about attacks where a fraudster has your number, literally and otherwise SIM swap scams have been a growing problem, with fraudsters targeting people from various walks of life, including tech leaders, and causing untold damage to many victims. Here’s why you should be on the lookout for attacks where someone can upend your life by first hijacking your mobile phone number. How SIM swap fraud works Also known as SIM hijacking and SIM splitting, SIM swapping can be described as a form of account takeover fraud. To make the attack work, the cybercriminal will first gather information on their mark, often through trawling the web and searching for [...]

Up to 350,000 Spotify accounts hacked in credential stuffing attacks

This won’t be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree Researchers have found an unsecured internet-facing database containing over 380 million individual records, including login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. The exposed records included a variety of sensitive information such as people’s usernames and passwords, email addresses, and countries of residence. The treasure trove of data was stored on an unsecured Elasticsearch server that was uncovered by vpnMentor. Both the origin and owners of the database remain unknown. However, the researchers were able to validate the veracity of the data by contacting Spotify, [...]

Security flaws in smart doorbells may open the door to hackers

The peace of mind that comes with connected home security gear may be false – your smart doorbell may make an inviting target for unwanted visitors Smart doorbells commonly found on marketplaces such as Amazon and eBay contain serious vulnerabilities that expose their owners to a host of security and privacy threats, according to an investigation led by the British consumer watchdog Which?. Together with NCC Group, Which? looked into 11 internet-connected video- and audio-equipped doorbells, finding disconcerting vulnerabilities in all of them. A number of the gadgets are designed to have the look and feel of Amazon’s Ring and Google’s Nest Hello and are sold either under their own brands or [...]

The worst passwords of 2020: Is it time to change yours?

They’re supremely easy to remember, as well as easy to crack. Here’s how to improve your password security. Cybersecurity experts often share advice about the do’s and don’ts of passwords as a vital part of good cyber-hygiene practices. And yet, annual roundups of the most common passwords show that many of us continue to prioritize convenience over security, putting our accounts and data at risk of theft. NordPass has just revealed the 200 most commonly used passwords on the web in 2020, showing yet again that various easy-to-guess combinations of numbers remain as popular as ever. Seven out of the top ten worst passwords were made up of various numerical combinations, with [...]

Bumble bugs could have exposed personal data of all users

The information at risk of theft due to API flaws included people’s pictures, locations, dating preferences and Facebook data Security vulnerabilities in Bumble, one of today’s most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs – which affected Bumble’s application programming interface (API) and stemmed from the dating service not verifying user requests server-side – was discovered by Sanjana Sarda and her team at Independent Security Evaluators. In addition to finding a way to bypass paying for Bumble Boost, the platform’s premium tier that gives users a host of advanced features, the researchers uncovered security loopholes that a potential attacker could exploit [...]