A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing so-called account access tokens in the source code of the WordPress website. Anyone who viewed the source code could see the linked Twitter […]
View More A popular WordPress plugin leaked access tokens capable of hijacking Twitter accountsCategory: multi-factor authentication
Two-factor authentication can save you from hackers
If you find passwords annoying, you might not like two-factor authentication much. But security experts say it’s one of the best ways to protect your online accounts. Simply put, two-factor authentication adds a second step in your usual log-in process. Once you enter your username and password, you’ll be prompted to enter a code sent […]
View More Two-factor authentication can save you from hackersHow to protect your cell phone number and why you should care
Assuming you have your strong passwords in place and your two-factor authentication set up, you think your accounts are now safe? Think again. There’s much more to be done. You might think your Social Security or bank account numbers are the most sensitive digits in your life. Nowadays, hackers can do far more damage with […]
View More How to protect your cell phone number and why you should careInstagram’s app-based 2FA is live now, here’s how to turn it on
If you’d like to be sure you’re the only one posting elaborately staged yet casual selfies to your Instagram feed, there’s now a powerful new option to help you keep your account safe. In late September, Instagram announced that it would be adding non SMS-based two-factor authentication to the app. Instagram confirmed to TechCrunch that […]
View More Instagram’s app-based 2FA is live now, here’s how to turn it onYes Facebook is using your 2FA phone number to target you with ads
Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads. Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure. Facebook’s confession follows a story Gizmodo […]
View More Yes Facebook is using your 2FA phone number to target you with adsDoorDash customers say their accounts have been hacked
Food delivery startup DoorDash has received dozens of complaints from customers who say their accounts have been hacked. Dozens of people have tweeted at @DoorDash with complaints that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. In many cases, the hackers changed their email addresses so that the […]
View More DoorDash customers say their accounts have been hackedWeak passwords let a hacker access internal Sprint staff portal
It’s not been a great week for cell carriers. EE was hit with two security bugs and T-Mobile admitted a data breach. Now, Sprint is the latest phone giant to admit a security lapse, TechCrunch has learned. Using two sets of weak, easy-to-guess usernames and passwords, a security researcher accessed an internal Sprint staff portal. Because […]
View More Weak passwords let a hacker access internal Sprint staff portalEpic Games just gave a perk for folks to turn on 2FA; every other big company should, too
Let’s talk a bit about security. Most internet users around the world are pretty crap at it, but there are basic tools that companies have, and users can enable, to make their accounts, and lives, a little bit more hacker-proof. One of these — two-factor authentication — just got a big boost from Epic Games, […]
View More Epic Games just gave a perk for folks to turn on 2FA; every other big company should, tooSIM swap hacker caught in Florida
Florida police have arrested a 25-year-old named Ricky Joseph Handschumacher. The young man is suspected of grand theft and money laundering. Handschumacher used SIM swapping techniques to steal thousands in Bitcoin and to “drain bank accounts,” according to security researcher Brian Krebs. Handschumacher’s scam was simple: He called telecom operators and asked them to swap […]
View More SIM swap hacker caught in FloridaHacker Kevin Mitnick shows how to bypass 2FA
A new exploit allows hackers to spoof two-factor authentication requests by sending a user to a fake login page and then stealing the username, password, and session cookie. KnowBe4 Chief Hacking Officer Kevin Mitnick showed the hack in a public video. By convincing a victim to visit a typo-squatting domain liked “LunkedIn.com” and capturing the […]
View More Hacker Kevin Mitnick shows how to bypass 2FAFIDO Alliance and W3C have a plan to kill the password
By now it’s crystal clear to just about everyone that the password is a weak and frankly meaningless form of authentication, yet most of us still live under the tyranny of the password. This, despite the fact it places a burden on the user, is easily stolen and mostly ineffective. Today, two standards bodies, FIDO […]
View More FIDO Alliance and W3C have a plan to kill the passwordTwitter adds support for app-based two-factor authentication
Twitter is rolling out an update to its platform security that will allow users to employ third-part authentication apps to receive a two-factor login authentication for their Twitter account. Twitter has offered two-factor for a long while now, but it’s used the less secure SMS-based verification method excessively until now. The third-party app support means you can use tools like… Read More
View More Twitter adds support for app-based two-factor authentication