Cybersecurity 101: Changing Your Facebook And Instagram Passwords Amid The Facebook Password Leak

Facebook confirmed on Thursday last week that hundreds of millions of user passwords were being stored in a “readable form” that allowed thousands of its employees to access and read them. While Facebook has already notified the users affected by the password leak, the California-based tech company has assured users that none of its employees violated any privacy protocols in handling the exposed database.

Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.

Facebook said that the issue is an internal one. “To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati wrote.

“There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he added.

Those affected by the data leak are advised to change their passwords. If you are one of those with an exposed password, you should do it now.

HOW TO CHANGE FACEBOOK PASSWORD

To change your password on Facebook if you’re already logged in:

  1. Click account settings in the top right corner of any Facebook page and select Settings.
  2. Click Security and Login.
  3. Click Edit next to Change Password.
  4. Enter your current password and new password.
  5. Click Save Changes.

If you’re logged in but have forgotten your password, follow the steps under Change Your Password then click “Forgot your password?” and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.

To reset your password if you’re not logged in to Facebook:

  1. Go to the Find Your Account Page.
  2. Type the email, mobile phone number, full name or username associated with your account, then click Search.
  3. Follow the on-screen instructions.

If you’re still having trouble resetting or changing your password, it’s better to contact Facebook support for help.

Furthermore, the leak also affected Instagram users. If you have been messaged by Facebook to notify you that your Instagram account was one of those with exposed passwords, you should also change your password as soon as possible.

HOW TO CHANGE YOUR INSTAGRAM PASSWORD

If you’re able to log into your account and know your current password, you can change it from your Settings:

  1. Go to your profile and tap the button in the top right.
  2. Tap Settings > Privacy and Security > Password.
  3. Enter your current password and then enter your new password.
  4. Tap Save or the check button in the top right.

Instagram also urges people to use strong passwords by using a combination of at least six numbers, letters and punctuation marks (like ! and %).

While the concept of a “strong password” is clear to some, there are still people who create passwords that are relatively weak. The password strength indicator that some services have is not even accurate. If you’re one of those who are struggling to create a strong password, here are a few tips.

HOW TO CREATE STRONG PASSWORDS

According to Chris Hoffman, the following are the best practices to make sure that your passwords are strong:

Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.

Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.

Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.

Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
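
The four rules above can be checked mechanically. The following Python sketch is an added example, not code from the original article or from Chris Hoffman; the small word list, the substitution table and all function names are constructed for illustration.

```python
import re
import string

MIN_LENGTH = 12  # the article's "12 characters, minimum" rule

# Constructed mini word list for this demo; a real checker would load a full
# dictionary plus a list of commonly used passwords.
WORDS = {"house", "red", "blue", "password", "dragon", "summer", "love"}

# Look-alike substitutions that are undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def char_classes(pw):
    """Report which of the four character classes are present."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }


def letters(text):
    """Keep only a-z, dropping spaces, digits and punctuation."""
    return re.sub(r"[^a-z]", "", text)


def is_word_combo(text, words=WORDS):
    """True if text is one dictionary word or several run together."""
    if not text:
        return False
    ok = [True] + [False] * len(text)  # ok[i]: text[:i] splits into words
    for i in range(1, len(text) + 1):
        ok[i] = any(ok[j] and text[j:i] in words for j in range(i))
    return ok[-1]


def check_password(pw):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    missing = [name for name, present in char_classes(pw).items() if not present]
    if missing:
        problems.append("missing:" + ",".join(missing))
    low = pw.lower()
    # Also test the password with trailing digits/symbols cut off ("...!2019").
    trimmed = low.rstrip(string.digits + string.punctuation)
    if is_word_combo(letters(low)):
        problems.append("dictionary_words")
    elif any(is_word_combo(letters(v.translate(LEET))) for v in (low, trimmed)):
        problems.append("obvious_substitution")
    return problems


if __name__ == "__main__":
    for sample in ["house", "Red house", "H0use", "R3d-H0use!2019"]:
        print(repr(sample), check_password(sample))
```

The last sample, “R3d-H0use!2019”, satisfies the length and character-mix rules and is still flagged, which is the case the last two tips are about.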

Conclusion:

If you have been notified by Facebook that your account password was included in the data breach, change it as soon as possible. Even if you’re not part of that breach, it’s advisable to change your passwords as well (for an added layer of protection). All you have to remember is to make sure that your new password is stronger than your previous one.

A Consumer Tech and Cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Indictment Against Hackers Involved In Anthem Data Breach Unsealed

The indicted individuals are allegedly part of a group of hackers from China linked to the Anthem Insurance data breach in 2015. Photo: Tim Reckmann | a59.de | Flickr | CC BY 2.0

Two men were indicted in the U.S. in connection with the data breach at the health insurance company, Anthem, that siphoned more than 78.8 million customer and employee records between 2014 and 2015.

The Justice Department recently unsealed an indictment against two people who prosecutors say are part of a sophisticated hacking group based in China that was behind not only the Anthem data breach but also attacks against three other US businesses.

While the Justice Department did not name the three other businesses victimized by the Chinese hacking group, it said that these companies were “data-rich.” One was a technology business, one was in necessary materials, and the third was in communications. It said that all three companies store a substantial amount of data, some of it confidential, on their servers and data networks.

The suspects are 32-year-old Wang Fujie, who uses the Western name “Dennis,” and a second man who remains unnamed. The Justice Department could not find the real name of the unnamed man but said that he goes by various online nicknames such as “Daniel Jack,” “Kim Young” and “Zhou Zhihong.”

The charges are one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two counts of intentional damage to a protected computer.

According to the indictment documents, the hacker group to which Dennis and the unnamed man belong carried out attacks using “sophisticated techniques,” including spearphishing and malware, from February 2014 until around January 2015.

They allegedly sent tailored spearphishing emails with links to malware to employees at the target companies. Once the targeted employee opened the email, the system would be infected by malware that would later plant a backdoor Trojan, giving the hackers remote access via their command and control servers.

Wang is also accused of having set up the servers, hosted in California and Arizona, that were used in the Anthem attacks.

The cyber attack has cost the insurance company a large sum in settlement money, making it the most significant data breach settlement ever. In 2017, the company agreed to pay $115 million to settle a class action suit over the breach.

The Anthem attack is also the most massive health insurance data breach, and the amount of data lost to the hackers dwarfed the biggest data breaches in the following years with 11 million breached at Premera and 10 million from Excellus.

In a press release, the DOJ and Assistant Attorney General Brian Benczkowski called the hacking event “unprecedented.”

“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII, and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”

Meanwhile, another set of indictments was released by the Justice Department against European hackers over the hacking of different private and public institutions in the United States. Ten individuals were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday.

According to the officials who filed the charges, the malware, which enabled cybercriminals and hackers from Eastern Europe to infiltrate computer systems remotely and siphon funds from victims’ bank accounts, targeted companies and institutions across all sectors of American life.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

Winnti For Linux: Researchers Found Linux Variant Of Malware Used By Chinese Hackers In 2015

The discovered Linux malware bears significant similarities with its Windows counterpart. Photo: Christiaan Colen | Flickr | CC BY-SA 2.0

Linux systems are cybersecurity kings, but in a historic first, tech researchers have found a variant of a widespread malware, a favorite of Chinese hackers, on a Linux system.

The discovery was made by researchers from the Chronicle, Alphabet’s cybersecurity department. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems. It was the malware used by Chinese hackers in the high-profile cybercrime against a Vietnamese game company in 2015.

Chronicle researchers said that they discovered the malware following the news that Bayer, one of the biggest pharma companies in the world, had been hit by Chinese hackers, and the Winnti malware was discovered on its servers.

After the team scanned Bayer’s system using its VirusTotal platform, they found what appeared to be a Linux variant of the Winnti, dating back to 2015 when it was first used by Chinese hackers to attack a Vietnamese gaming company.

According to the Chronicle, the malware that they have discovered comes in two parts: a rootkit to disguise the malware in the infected host and the actual backdoor Trojan. Further analysis showed that the discovered Linux variant of the Winnti malware bears a lot of similarities to the malware’s Windows version. One such connection is the similar way in which the Linux variant handled outbound communications with its command-and-control (C&C) server, which was a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).

“As with other versions of Winnti, the core component of the malware doesn’t natively provide the operators with distinct functionality. This component is primarily designed to handle communications and the deployment of modules directly from the command-and-control servers. During our analysis, we were unable to recover any active plugins. However, prior reporting suggests that the operators commonly deploy plugins for remote command execution, file exfiltration, and socks5 proxying on the infected host. We expect similar functionality to be leveraged via additional modules for Linux,” said the researchers in their comprehensive report.

Lastly, the Linux version, just like the Windows version, also lets the Chinese hackers initiate communication with the infected host without going through the C&C servers, a distinct characteristic of Windows Winnti.

“This secondary communication channel may be used by operators when access to the hard-coded control servers is disrupted,” Chronicle researchers said in a report published last week.

While infecting Linux systems is something already done especially by American and Russian hackers, it is also extremely rare, as pointed out by the Chronicle.

“Clusters of Winnti-related activity have become a complex topic in threat intelligence circles, with activity vaguely attributed to different codenamed threat actors. The threat actors utilizing this toolset have repeatedly demonstrated their expertise in compromising Windows-based environments. An expansion into Linux tooling indicates iteration outside of their traditional comfort zone. This may indicate the OS requirements of their intended targets, but it may also be an attempt to take advantage of a security telemetry blindspot in many enterprises, as is with Penquin Turla and APT28’s Linux XAgent variant,” added Chronicle.

Meanwhile, malware has become one of the most common tools to attack computer systems, even those of public institutions. A few days ago, ten Europeans were indicted for the malware attacks that have victimized several businesses and government agencies in the U.S.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday last week.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The charged individuals are now facing conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

Officials revealed that the malware in the current court case infected more than 41,000 computers; it was sent in spam emails disguised as legitimate messages or invoices. Once the email was opened, hackers were able to record all keystrokes on the infected computer, sweeping up data like banking information and wiring money away from the victim’s account.

10 European Cybercriminals Charged For Malware Attacks In The US

European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US. Photo: Christian Cohen | Flickr | CC BY-SA 2.0

The tech world has agreed that ransomware and malware are becoming one of the most prolific cyber attacks in recent (more…)
