Clean it up hiro….

OUT NOW: my most in depth investigation yet

in this article we see just HOW little a company handling highly sensitive data can care about security and yes it's even worse than you think

content warning: mentions of abuse/controlling behaviour

support me on ko-fi if you like my work and want to read (non-hacking) articles early!

Because better safe than sorry you should all change your Google, Apple, Facebook, GitHub, and Telegram passwords due to the massive data breach.

A massive data breach has exposed sensitive personal information on thousands of Israeli gun owners.

This information, which includes identities, addresses, and firearm details, is now available online.

"District Judge Matthew Barrett told former Mesa County Clerk Tina Peters — after earlier sparring with her for continuing to press discredited claims about rigged voting machines — that she never took her job seriously.

“I am convinced you would do it all over again if you could. You’re as defiant as any defendant this court has ever seen,” Barrett told her in handing down the sentence. “You are no hero. You abused your position and you’re a charlatan.”

Jurors found Peters guilty in August for allowing a man to misuse a security card to access to the Mesa County election system and for being deceptive about that person’s identity.

The man was affiliated with My Pillow chief executive Mike Lindell, a prominent promoter of false claims that voting machines were manipulated to steal the election from former President Donald Trump. The discredited claims trace back to Trump himself, whose supporters attacked the U.S. Capitol because of them and who still hints at them in his third run for president."

source 1

source 2

source 3

Nova Scotia’s electric utility says data stolen from its customers includes credit histories, social insurance numbers and information on driver’s licences and bank accounts. In an update today, Nova Scotia Power says some customers’ names, ages, phone numbers, as well as email, mailing and service addresses may have also been taken.

Continue reading

Tagging: @newsfromstolenland

Can we protect Minnesotans from the federal government

The company said its systems were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people’s information from a feature known as DNA Relatives. Users opt into sharing their information through DNA Relatives for others to see. 

...

The full picture of why the data was stolen, how much more the attackers have, and whether it is actually focused entirely on Ashkenazim is still unclear.

...

Callow notes that the situation raises broader questions about keeping sensitive genetic information safe and the risks of making it available in services that are designed like social networks to facilitate sharing.

...

“This incident really highlights the risks associated with DNA databases,” Callow says. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”

Yeah, so, don't reuse passwords, and be careful what kind of information you share purposefully or opt in to passively sharing.

Jesus fucking Christ.

EAT THE RICH

Big if true.

If you use the same email for everything, that email and every account associated with it is probably compromised due to this.

wait what? what exactly does this entail?

Recently, the Internet Archive faced a severe security breach that leaked the account info of all of its users.

Longtime security researcher Troy Hunt, who runs the data-breach-notification website Have I Been Pwned (HIBP) also confirmed that the breach is legitimate. He said it occurred in September and that the stolen trove contains 31 million unique email addresses along with usernames, bcrypt password hashes, and other system data.

(via Wired)

What this means is that the email address and password you used for your Internet Archive account is public information. (You can check Have I Been Pwned to see if your info is a part of this breach, but assume that it is.)

Most people use the same password for most things. Let's imagine you have a pretty secure password, like th1sISap@ssw0rd!!. This follows all the contemporary rules for passwords: it has lowercase and uppercase letters, numbers, and symbols, and is decently long. So let's say you use this password for your Internet Archive account, and your email address, but your Discord account has a different password.

Someone can look at your leaked info from the Internet Archive and try your password on your email. Now they have access to your email address. That's a very bad thing, since most services online use your email address to confirm that you're who you say you are. Now they can also access your Discord account by sending a password reset request. And Discord account hacks are actually pretty common. Not via these means, for the record: most Discord account hacks take place over Discord itself, usually as a fake link posing as some "oh no I reported you and now you need to contact staff to undo it" (pro tip, if anyone ever says that, they're lying. Social media staff know what misclicks are and also most social media uses an algorithm anyway).

With your Discord account, they can now pose as you - a known legitimate user, who people will want to trust - to try and scam people. Not great. Also, you probably don't want other people to have access to your account.

So, what should you do about it?

Change your email account password. All of your passwords should be unique to that account, but especially email, since it's the 'hub' of logins and if someone has your email they can just send a forgotten password request.

If you have a phone, you can set up two factor authentification. What this means is that you authenticate that you're the owner of the account via one factor, your password, and then an entirely separate factor, your phone. If someone wants to hack something with 2FA, they first need to figure out your username & password, and then guess your 2FA code. Most 2FA codes reset every 30 seconds, so even with brute forcing it's nearly impossible and not worth it.

Stop using the same password for everything! I understand why people do this & there's no shame in it but the more similar your passwords are, the more at risk you are after pwnage. There are plenty of password managers out there: I personally use Bitwarden. Your browser's native password manager is probably fine, but you've got to start taking its suggestions when it wants you to use an ultra-secure password that you'd never be able to remember. Pro tip: You don't need to remember it. The password manager will remember it for you. Bitwarden has a mobile app if you need to login to stuff on your phone, and it also lets you easily carry passwords between computers.

I'd also recommend going through and seeing if you can delete old accounts for websites you no longer use. Having less accounts reduces your risk of being pwned simply because there's less datasets you're in that could be pwned.

I hope this helps ^^; & keep in mind that being pwned is not the end of the world. Even with your info being out there, someone's still got to choose your account of the 31 million that got breached in the Internet Archive leak. Additionally, your accounts might not even be compromised at all - I'm pretty sure I'm fine even though my email was in the leak, since I have a unique password and 2FA for my email, and unique passwords for all my other accounts too.

BTW TERFS & radfems die in a fire 💖

"In their statement on Friday, NPD warned that the “the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).” It recommended the public to take a number of steps to safeguard their identities, including freezing their credit and putting fraud alerts on their files at big credit bureaus.

The breach came to public awareness after a class-action lawsuit was filed August 1 in U.S. District Court in Florida, which was first reported by Bloomberg Law.

National Public Data did not share how many people were at risk, but hackers, who have been identified as part of the hacking group USDoD, have been offering, for sale, what they claimed were billions of NPD records since April, though the Washington Post reported that “security researchers who looked at the trove said some of the claims were exaggerated.”"

source 1

source 2

source 3

free database created by Pentester to see if your information has been leaked

The reason I care about being in Cybersecurity runs much deeper to me than income.

I remember being 11 years old on YouTube and suddenly my video was bombarded with hundreds of antisemitic insults and threats. I knew I wasn't safe online.

If you are from Jewish descent please look into your OPSEC as soon as possible. The online interactions and influence isn't worth your safety. Form a community through decentralized and encrypted platforms to keep yourselves safe, please.

All Calgary Public Library locations closed early on Friday after a cybersecurity breach compromised some systems, according to a spokesperson. All locations were shut down as of 5 p.m. The library says the closures are a proactive measure to mitigate the potential impact. All servers and computer access will also be shut off in addition to the closure of library locations. "Data security is a key priority for the library and our security team is working diligently to determine the scope of the breach," a library spokesperson said in a release. 

Continue Reading

Tagging: @newsfromstolenland, @abpoli