Hacked

Russian Hackers Compromise 4.5 Billion Records

Hold Security had warned the media outlets that a gang of Russian hackers have gained access to 4.5 billion email addresses and passwords.

The Milwaukee based security firm estimates that 420,000 web and ftp sites, including some Fortune 500 company sites, have been compromised. But details on what specific websites were compromised were not released.

The New York Times have claimed to have had the information analyzed by a security expert not affiliated with the security firm who confirmed the authenticity of the database of stolen information. And The New York Times have also reported that some of the companies involved are aware of the situation.

Most of this information was gathered via a botnet, a collection of interconnected computers that have been infected with a virus that collects and forwards information to individuals who either sell it or use the information to send unsolicited commercial email or gain access to web sites and credit card information.

According to Hold Security the most vulnerable users are those that use a generic password on multiple sites, whose generic passwords can be used to gain access to sites that are not in the records.

They had found that out of the 4.5 billion records, only 1.2 billion had unique passwords so the firm suggest the use of more secure, unique passwords.

An individual password should not be used on multiple sites and a combination of letters (in upper and lower caps), numbers and special characters (punctuation, symbols, etc.) should be used to prevent predictability.

The use of a frequently updated anti-virus program also helps keep individual computers from being infected with viruses that keep track of the passwords used.

Important Message For PC Users

Microsofticon will be ending their support for XP on April 8th, 2014.

This means that you have a month to upgrade to retain support for your PC.

Their will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates for this operating system so upgrading to Windows 7icon or Windows 8icon is recommended.

Please note that an upgrade to Windows 8.1icon is provided free to those upgrading from XP or Vista to Windows 8icon and that file backups are recommended prior to upgrading.

Microsoft Store

Suspended Membership Phishing/Hacking Scam

There appears to be a new Netflix scareware scam going around and I thought I’d inform you as to how it works.

Basically victims are sent a fake email directing victims to a fake Netflix site where members are asked to enter their email address and password.

Once entered this information is captured by the criminals and victims are then forwarded to another fake page claiming their account had been suspended.

This fake page then urges victims to call an 800 number to reinstate their membership which actually directs individuals to a call center in India, where fake Netflix technicians are waiting to continue their con.

When victims call this 800 number they are told that their computers have been taken over by hackers and are asked to download software to remove the hackers and/or clear their computers of viruses.

This software enables the fake Netflix technicians to access your computer and all the sensitive information found on this computer’s hard drive. But access to Netflix and your sensitive information is not the only objectives of this scam.

Victims who have gone through this process are also asked to pay for the privilege of being violated.

They are asked to pay for the clean-up, a five year membership for an anti-virus program and a five year membership for a firewall.

In exchange for payment by credit card the fake technicians offer a coupon code for a discount on Netflix membership. But not only do they request credit card information for payment but also ask their victims to send photo identification to them.

This information of course enables them to steal identities, as well as to defraud their victims through their credit card. And Netflix members will not likely be the only target because it can be adapted to target any online membership.

The best defense against this scam is to ignore the links and phone numbers provided in these emails and contact a company directly via their web site.

If there are real issues with your account at a particular company their customer service department should be able to help you.

I bookmark the sites I access the most in my internet browser and use those links instead. And using spam filters on your email also helps because some filters will keep these phishing attempts out of your inbox if enough people label it as spam.

Most webmail sites have spam filters and you can install free spam filters for your PC by clicking on the following logo :

Award-winning anti spam filter

Yahoo Users – Change Your Passwords

It appears that an older part of Yahoo’s systems had been left exposed resulting in a security breach that could have compromised over 400,000 accounts.

To change your password, login and click on your user name on the top left of your screen. You will be given an option to change your password in the following screen, after having been prompted to login again.

Click here for information of how to create a strong password for Yahoo.

Sega Pass Hacked

An undisclosed amount of Sega Pass users have had their personal information stolen, along with encrypted password information.

Email addresses and birthdates were compromised and Sega Pass appears to be offline. The incident happened last Thursday but no details in regards to the network’s Canadian users have been published.

Sony Ericsson Hacked

Sony Ericsson‘s Canadian site has been hacked and information from 2000 of this company’s customers have been posted online.

Though the information doesn’t include credit card information, names, email addresses and passwords have been exposed.