The FBI and the U.K.’s National Crime Agency are updating the Have I Been Pwned website of compromised passwords after nearly 586 million credential sets were allegedly collected from an exposed cloud storage facility, which left them available for access by threat actors, according to Threatpost.
Moreover, 226 million of the discovered credentials have been found to be new to the Have I Been Pwned website, a resource created by Microsoft Regional Director Troy Hunt, whom the NCA had enlisted to investigate the exposed credentials.
“Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown. The fact that they had been placed on a U.K. business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain, and could be accessed by other third parties to commit further fraud or cyber-offenses,” said the NCA.
Meanwhile, Veridium Chief Operating Officer Baber Amin expressed surprise and concern over the absence of more than 200 million of the exposed passwords in HIBP. “It points to the sheer size of the problem, the problem being passwords, an archaic method of proving one’s bona fides,” said Amin.
Ahead of its imminent approval, the Biden administration's proposed executive order requiring U.S. cloud infrastructure-as-a-service providers to strengthen the verification of their users' identities has drawn industry opposition due to the increased financial and logistical burdens that would arise from such a rule, according to The Record, a news site by cybersecurity firm Recorded Future.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.
A look back at the Heartbleed bug, measuring its legacy and impact, and how some view one of cybersecurity’s biggest headaches as an important learning moment.