Security Alerts & News
by Tymoteusz A. Góral

History
#845 Hackers stole 65 million passwords from Tumblr, new analysis reveals
On May 12, Tumblr revealed that it had just found out about a 2013 data breach affecting “a set” of users’ email addresses and passwords, but the company refused to reveal how many users were affected.

As it turns out, that number is 65 million, according to an independent analysis of the data.

Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set.

Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. (Tumblr did not immediately respond to a request to confirm the figure.)

#844 Reddit forces password reset of 100,000 users
Reddit is enforcing the reset of 100,000 user accounts in the wake of a stream of hacked accounts.

A "general uptick" in account hijacking and takeovers, mainly by malicious -- and spam-based -- third-parties has prompted the move, according to the forum.

In a blog post this week, Reddit said that the increased rate of account takeovers comes on the heels of recent password dumps, such as the LinkedIn data breach which led to the release of data belonging to millions of users.

Reddit itself has not been compromised. Rather, password dumps, weak password choice and reusing the same account credentials for different sites are contributing to the problem.

"We've ramped up our ability to detect the takeovers, and sent out 100k password resets in the last 2 weeks," Reddit says. "More are to come as we continue to verify and validate that no one except for you is using your account."

#843 Fearing forced Windows 10 upgrades, users are disabling critical updates instead
“I fear some segment of consumers will turn off Windows Update as a result,” Wes Miller, research vice president at Directions on Microsoft, told me. “Which is a very bad side effect.”

Indeed it is. Windows Update delivers critical updates to your PC, plugging holes in the operating system and slamming the door on potential hack attacks. Keeping your operating system patched is a crucial part of staying secure on the modern web. That’s why PCWorld and many other technology experts advise users that the best course of action is usually to leave the Windows default intact, letting the OS download and install Recommended updates automatically. Doing otherwise is dangerous, unless you’re an expert yourself.

Using that critical avenue to push Windows 10 on people—pardon, “make it easier for consumers to upgrade to Windows 10”—violates the trust people hold in the sanctity of Windows Update. And, yes, as a direct result of Microsoft’s actions, at least some people are disabling Windows Update on their Windows 7 and 8 PCs.