Half a million VPN passwords leaked - Has your info been compromised?

We all know the dangers of data breaches. When large caches of information are leaked, victims are at risk of many serious issues, including identity theft and other costly and frustrating cybercrime. Tap or click here for details on a recent breach that hit a wireless carrier.

In many cases, the stolen information is put up for sale on the Dark Web. But in a recent data leak impacting users of a popular VPN service, hackers released the stolen data to the public for free.

The stash of information isn’t a small amount, either. Through investigations, it was determined that nearly 500,000 login details had been compromised. Keep reading to see if your data was exposed.

Here’s the backstory

Without going into much of the technical details, a hacker named Orange breached the Fortinet VPN service. While it isn’t exactly clear when the breach occurred, it contains the login credentials for 498,908 users and the IP addresses of over 12,856 devices.

Bleeping Computer says that it spans users from 74 countries, with India making up the bulk of the compromised logins. Taiwan makes up 8.4% of the stolen data, while Italy accounts for 7.9%. Of the 12,856 compromised devices, 2,959 are from the U.S.

The hacker seemed to have used a vulnerability that the Cybersecurity and Infrastructure Security Agency (CISA) warned against in April this year. The agency highlighted three major flaws in Fortinet’s systems, which can be used to breach government and commercial businesses.

What you can do about it

The flaw, which has been given the designation of CVE-2018-13379, has thankfully already been patched. But that doesn’t mean that everybody is safe from future attacks. Independent investigations confirmed that some of the exposed login details are still valid.

If you use the Fortinet VPN service, you must immediately change your login details. It is always a good idea to change your password for any service after a data breach or leak.

Administrators of Fortinet VPN servers should perform a forced reset of all usernames and passwords. It would also help to check the intrusion logs for attempted access.

Another solution is to use a VPN service that you can trust. Kim uses and recommends our sponsor, ExpressVPN. ExpressVPN works for Mac, Windows, Android, iOS, Linux, routers and more.

Continue reading

How to use Have I Been Pwned? to see if your info is floating around the web

Data breaches are almost always catastrophic events for privacy and security. Not only can millions of people end up with their personal data exposed, but these breaches can also spiral even further out of control once hackers start testing leaked passwords and email addresses on other platforms.

Continue reading

$75 million

Record ransom, paid to ransomware gang Dark Angels. This fairly new gang goes after some of the largest companies in the world. Once they’ve hacked into a database, they send a ransom note threatening to expose the stolen data on their site, Dunghill Leak. They say they’re “making the world more secure.” I’ll tell you one thing they’re definitely making: A boatload of money.

Facebook security warning: Thousands of passwords stolen

Stolen social media accounts are a hot commodity on Dark Web marketplaces. The average Facebook account sells for about $74.50, making the social network a priority target for phishing scams and cybercriminals.

Phishing campaigns make it easy to steal large quantities of login credentials at once. All scammers need to do is create a fake login page and trick victims into signing in. Tap or click here to see a copyright notice phishing scam targeting Facebook users.

Continue reading

A sneaky type of fraud is skyrocketing - here's what to do if it happens to you

Scammers shopping for stolen data on the Dark Web have found a scary new way to make money: unemployment fraud. With enough personal data and a viable Social Security number, it’s easy to apply for benefits.

Earlier in the year, states were having a hard time getting benefits to unemployed workers. The wait times are much shorter now, and scammers take advantage of it to avoid being noticed. Tap or click here to see an app that speeds up the process.

Continue reading

5 answers to common tech questions, revealed

A woman called her company’s tech support desk, and the technician asked for her password. She replied, “Snow White Cinderella Snoopy Dopey Pinocchio Harry Potter Ariel 5.” The technician said, “That’s a great long password.” The woman replied, “Thank you! I was told my password needs to have seven characters and one number.”

Continue reading

10 security myths you should stop believing

Cybercrime is one of the fastest-growing criminal enterprises in this era. It makes around $1.5 trillion in profits a year — and that’s a liberal estimate, according to a 2019 study. So, what are some of the most profitable goods, so to speak, that are sold online? It turns out that stolen data is at the top of the list. This data comes from companies, organizations, and even people like you. 

Continue reading

This data breach happened 5 years ago, now victims are being targeted

Data breaches are just one step in a multi-pronged attack on your digital life. When your personal information gets stolen, that’s usually only the opening salvo. What follows after can be anything from targeted harassment and spam to full-blown ransom emails.

Continue reading

Identity theft warning: 30 million credit card records for sale on the Dark Web

Security breaches are no fun for anyone except hackers. Data has become so valuable to advertisers and scammers alike that email addresses alone can fetch a hefty price on the shadier parts of the web.

It happens like clockwork: A flaw is discovered in a popular website or platform. Hackers undermine the system and infiltrate it. Then, the stolen data makes its way to a Dark Web marketplace, where anyone with bitcoin can have a go at your info. Tap or click here to see how 21 million stolen logins were sold this way.

Continue reading

617 million stolen accounts from 16 websites are now up for sale - are you at risk?

The year 2019 has not been a great one for cybersecurity. We have seen multiple breaches that have resulted in the personal information of millions of people being sold on the dark web. Well, unfortunately, it’s happened again. This time, it’s impacting over half a billion people.

Continue reading