Security Week 49: Hacking Dell and Marriott
Last week was marked by two major leaks of personal data of users. Dell company. identified 3r3633. intrusion into your own network. The addresses and names of clients, as well as hashed passwords, which were forcibly reset for all users, flowed away.
3r363 leak. in the hotel chain Marriott was bigger. Back in 201? hackers gained access to the Starwood Hotels customer database — this hotel chain was acquired by Marriott in 2016. 3r366. 3r376. 3r366. 3r376. Unauthorized access to the customer base was discovered only in September of this year. According to preliminary data, 500 million Starwood customers suffered, while 327 million guests lost their names, physical and electronic addresses, telephone and passport numbers, booking dates and other private information. This is a very serious leak, comparable to
attack 3r3633. on the yahoo service. 3r366. 3r376.
3r3633. 3r366. 3r376. In a fairly discreet
message 3r363. Dell’s website talks about detecting an attack on November 9th. For more than three weeks it was not possible to reliably establish the fact of theft of the user database; it is only known that unauthorized access to it took place. Forcefully resetting passwords for all Dell-registered customers is therefore an extra precaution. The company encourages its users to use strong passwords and not to reuse passwords on different services. 3r366. 3r376. 3r366. 3r376. It is interesting to look at
recommendations r3r363. Dell to create strong passwords. At least 8 characters, small and large letters, at least one number. Do not use obvious words, such as last name or street name. It is proposed to come up with a passphrase, from the first letters of which create a password. The reliability of password protection with the help of hashing on the company's side is also explained in detail: a specific algorithm is not disclosed, but it is reported that it was tested during an independent examination. 3r366. 3r376. 3r366. 3r376. In general, Dell is showing a good example of a cyber incident response: customers were notified, data leaks were stopped, a company was hired for a security audit, and law enforcement agencies were notified. And all this with a (presumably) small scale of data leakage, although this is not only a matter of passwords: the Dell customer list also has value and, alas, can be used for further attacks already on them. 3r366. 3r376. 3r366. 3r376.
study You can get an idea of the value of accounts of various services on the black market by the cybercriminal quotations of Kaspersky Lab expert David Jacobi. Accounts Netflix, Spotify, Steam go for a couple of dollars apiece at retail, and for a few cents - if in bulk. For $ 1? you can get 100 thousand combinations of email and password users from a particular country. Regular change of passwords and the use of a unique password for each service will definitely benefit everyone, regardless of the news of the next major hack. 3r366. 3r376. 3r366. 3r376. Disclaimer: The opinions expressed in this digest may not always coincide with the official position of Kaspersky Lab. Dear editors generally recommend to treat any opinions with healthy skepticism.
3r376. 3r376. 3r376.
It may be interesting
Pleasant data, significant and magnificent plan, as offer great stuff with smart thoughts and ideas, bunches of incredible data and motivation, the two of which I need, on account of offer such an accommodating data here.
Situs QQ Online