If you’re a Gmail user, you should take preventative measures (change your passwords and enable two-factor authentication) in the wake of a large breach that hit the Internet just hours ago. BreachAlarm has obtained a copy of the leaked data. Containing just under 5 million stolen passwords, primarily associated with Gmail email addresses, this is the fourth largest confirmed breach in our history to date.

The leak by Russian hackers was detected after the data was posted to a freely-accessible Russian Bitcoin forum. Email accounts offered by Russia’s largest search engine, Yandex, were also included in the data spill, although Gmail addresses made up the overwhelming majority.

While the forum moderators hastily censored the file and removed the passwords, there is little doubt that the intervention came too late for quite a few accounts.

Read More

By now, just about everyone with a functioning television, radio or router has become aware of the latest celebrity hacking scandal to sweep Hollywood. Upwards of a dozen celebrities have come forward in the last few days to confirm the theft of their private photos, though some leaked lists found online suggest that over 100 celebrities may have been victims of the data theft.

This developing story is so far turning from a standard celebrity phone hack to a large data leak with quite far-reaching implications, most particularly for Apple and its highly popular iCloud backup and storage service.

At this stage, it’s difficult to sort the rumours from the hard facts. At BreachAlarm, we’ve been working hard to bring you what’s actually known about the hack, as well as what it means for the average user with an iCloud account.

So, here’s what we do know: overnight, Apple has issued a press release in response to the incident, stating that the compromise was a targeted attack and not an indictment of the security of its iCloud or Find My iPhone services. It also offers some words of advice for its users: namely, having a strong password and enabling two-factor authentication.

However, according to a new article by security expert Nic Cubrilovic, there is little that the celebrities involved could likely have done to stop the attacks, with a few security bugs lurking within Apple’s authentication system possibly at fault.

Read More

The other shoe may have dropped in the story of the CyberVor hacked account database that BreachAlarm first reported on nearly a month ago. Popular domain registrar Namecheap has today observed a flood of activity on its login servers, and it claims this is likely the first known attack using the stolen credentials stored in the CyberVor database.

Namecheap’s analysis of the login traffic indicates that it’s an automated system working its way through an enormous list of login credentials, most of which are incorrect because the user does not have an account with Namecheap, or because the user is using a different password on Namecheap. It is as yet unclear why Namecheap believes this is linked to the CyberVor database reported on last month, specifically, as opposed to some other large list of stolen passwords.

Namecheap has taken steps to block as much of this automated login traffic as it can, which will frustrate the hackers’ attempts to capitalize on this password list. It is likely, therefore, that other popular domain registrars may be targeted in days to come.

Read on for our advice on how to protect yourself.

Read More

Last week, we covered hard drive encryption: what it is, who it’s best for, and some of the ways that you and your data can benefit from the extra protection it provides.

While full-disk encryption might be the security gold standard, if the prospect of encrypting your entire disk is just a little too daunting, you don’t have to miss out on the benefits.

Opting to encrypt only those files and folders containing sensitive data strikes a great balance between convenience and security. It’s also something that just about any computer user can do for their important documents – in many cases, it’s just as essential as backing up your files. (Please tell us you’re backing up your files!)

To make the selection process easier, we’ve compiled a list of examples as to what generally needs encrypting. But first, a mandatory disclaimer: this list is in no way exhaustive. Many exceptions abound, but getting a good idea of what to encrypt is a great first step. In general:

Read More

It’s a concept nearly as old as written communication itself, dating back to Ancient Egypt. Now, this age-old idea keeps us safe in nearly every aspect of our online lives.

What is encryption? Put simply, it’s a way to keep prying eyes off your data. When using your credit card to shop online, your computer encrypts your information and makes it unreadable to anyone who might intercept the transfer. Once your information gets to its intended recipient, it can then be decoded and viewed as normal. Only those with the ‘key to the code’ are able to make sense of the transmission.

You can apply encryption to almost everything in your digital life, from securing your files with passwords, to encrypting emails, securing your cloud storage and beyond. In this post, we’ll look at the ins and outs of encrypting your computer’s hard drive, and why you might consider turning your computer into a digital Fort Knox.

Road warriors take heed: your Windows or OS X login password isn’t enough to secure your data. Should your laptop ever be stolen, thieves can simply remove your computer’s disk, connect it to another computer and gain instant access to your information.

If you have sensitive information on your laptop, disk encryption is a great idea. Check out our steps below for enabling it on your laptop.

Read More