Facebook leaks millions of Instagram passwords

2018 – what a year it was for Facebook! Data scandals and security leaks, the Cambridge Analytica affair and trials by the authorities: Facebook went through every kind of mess it could be connected with.

And the problems just keep coming in 2019. This year the company already seemed to have had enough of internal problems when it announced in a blog post last month that millions of user passwords had been stored in a readable format in its databases.

Just a day after the social networking giant admitted that it "unintentionally" uploaded the email contacts of nearly 1.5 million new users, Facebook has now revealed that it exposed millions of Instagram users' passwords in a data-security lapse. The password exposure is part of the security incident first reported last month by Krebs on Security. Admitting the blunder, Facebook said that it stored the passwords of millions of users in plain text on its internal servers.

At that time, however, Facebook claimed that "hundreds of millions of Facebook Lite users" and "tens of millions of other Facebook users" had been affected. Incidentally, the company chose simply to update the old blog post when making the new revelation. "This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way," a Facebook spokesperson said in a statement. Here's all you need to know about this latest 'password leak' from Facebook.

The exposure was unintentional, according to Facebook, and happened when users were prompted for their password as part of a security verification process. It had been going on since May 2016, but Facebook says it is now deleting all the scraped data.

In the updated post Facebook says: "We will be notifying these users as we did the others."

Aadhaar Data of More Than 2 Crore Punjab Residents Found on Hard Disks

The ongoing investigation by the Special Investigation Team (SIT) into the theft of the Aadhaar data of around 7.82 crore people residing in Telangana and Andhra Pradesh has led to the discovery of a hard disk containing the Aadhaar data of 2 crore Punjab residents, according to The Tribune.

The hard disk containing the data was recovered from a Hyderabad-based IT company, IT Grids (India) Pvt Ltd, against which a case has consequently been registered for unlawfully possessing the Aadhaar data of 7.8 crore residents and exploiting it. The company is also known for building the official TDP app, "Seva Mitra".

With the further discovery of 2 crore Aadhaar records, the breach, initially estimated at around 7.8 crore, has grown to 9.8 crore. The investigating agency is looking into the obvious question: why would a Hyderabad-based IT company want to store the Aadhaar data of Punjab residents? Notably, the Unique Identification Authority of India (UIDAI) has already reasserted that its data servers are secure. Though the UIDAI stood firm on the security of its servers, the police appear to hold a contrasting view and have filed a case in which the theft of Aadhaar data has been proven scientifically.

Defending its stand, the UIDAI said: "Mere possession and storage of Aadhaar numbers of people, though it may be an offence under the Aadhaar Act under some circumstances, does not put the Aadhaar holders under any harm in any manner whatsoever. For accessing any Aadhaar-based service, biometrics or a one-time password (OTP) is also needed."

Teen Sues Apple for $1 Billion over Face-Recognition Software

A student in New York has sued Apple Inc for $1 billion over the company's facial-recognition software, which falsely linked him to multiple thefts from Apple stores.

According to the victim, Ousmane Bah, 18, he was arrested at his home in November and charged with stealing from an Apple store.

The lawsuit he filed on Monday states that the photo on the arrest warrant did not even resemble him, and that the theft he was charged with, in Boston, took place on a day in June when he was attending his senior prom in Manhattan.

It is not yet clear how the real thief is using his identification details at Apple stores. However, he did admit that he lost a non-photo learner's permit, which may have been found or stolen by the thief and used as proof of identity in Apple stores.

As a result, the victim claims that his identification details are connected to the thief's face in Apple's facial-recognition system, which he says the company uses in its stores to track people suspected of theft.

"He was forced to respond to multiple false allegations which led to severe stress and hardship," states the complaint.

New Malicious Campaign Discovered Attacking Public and Private Entities via DNS Hijacking

A new malicious campaign called "Sea Turtle," recently discovered by researchers, is alleged to have been attacking public and private entities in several countries using DNS hijacking as its mechanism.

The campaign is known to have compromised at least 40 organizations across 13 countries during the first quarter of 2019.

DNS hijacking is a type of attack that redirects users to a malicious site by altering DNS name records, either by way of compromised routers or by attackers changing a server's settings, so that the user lands on the wrong host when visiting the site.

The attackers carried out their work with very persistent tactics and advanced tooling in order to gain access to sensitive systems as smoothly as possible.

They focus on two distinct groups of victims: the primary targets, and third parties known to provide services to those primary targets, through which the DNS hijacking is carried out. The ultimate aim of the attackers behind "Sea Turtle" is to steal credentials so as to gain access to systems, in the following manner:

  1. Establishing a means to control the DNS records of the target.
  2. Modifying DNS records in order to point legitimate users of the target to actor-controlled servers.
  3. Capturing legitimate user credentials when users interact with these actor-controlled servers.

Researchers said they "assess" with what they consider high confidence that these hijacking attacks are being carried out by an advanced, state-sponsored actor seeking access to sensitive systems.

To defend against these DNS hijacking attacks, organizations are currently trying to implement a registry lock service, multi-factor authentication (for access to DNS records) and, of course, staying up to date on patches, particularly on internet-facing machines.
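The defensive counterpart to the three steps above is to notice when your own zone drifts: a changed NS delegation (step 1) or a legitimate name suddenly resolving to an address you do not own (step 2). The following is an added example, not code from the article or from the researchers; the zone name, records and address ranges are constructed sample data standing in for a real organization's baseline and a freshly observed snapshot.

```python
import ipaddress

# Constructed baseline of the zone as it should be (sample names and addresses).
BASELINE = {
    ("example-org.test", "NS"): {"ns1.example-org.test", "ns2.example-org.test"},
    ("example-org.test", "MX"): {"mail.example-org.test"},
    ("mail.example-org.test", "A"): {"198.51.100.25"},
    ("vpn.example-org.test", "A"): {"198.51.100.40"},
}

# Constructed address space the organization actually owns.
OWNED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]


def outside_owned_ranges(ip: str) -> bool:
    """True if the address is not inside any range the organization owns."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in OWNED_RANGES)


def audit(baseline: dict, observed: dict) -> list[str]:
    """Return one alert per record set that drifted from the baseline."""
    alerts = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        before, after = baseline.get(key, set()), observed.get(key, set())
        if before == after:
            continue
        added, removed = sorted(after - before), sorted(before - after)
        alert = f"{rtype} {name}: changed (removed {removed}, added {added})"
        if rtype == "NS":
            # Step 1 of the campaign: control over the delegation itself.
            alert += " [delegation change]"
        elif rtype == "A":
            # Step 2: a legitimate name pointed at a host the org does not own.
            foreign = [ip for ip in added if outside_owned_ranges(ip)]
            if foreign:
                alert += f" [points outside owned ranges: {foreign}]"
        alerts.append(alert)
    return alerts


# Constructed snapshot: the VPN host moved to a foreign address, one NS replaced.
OBSERVED = dict(BASELINE)
OBSERVED[("vpn.example-org.test", "A")] = {"203.0.113.77"}
OBSERVED[("example-org.test", "NS")] = {"ns1.example-org.test", "ns.other-provider.test"}

if __name__ == "__main__":
    for line in audit(BASELINE, OBSERVED):
        print(line)
```

In practice the observed snapshot would come from querying several independent resolvers plus the registrar's record of the delegation, so that a tampered authoritative server and a tampered registration are both caught.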



100,000 Most Hackable Passwords and Tips to Steer Clear of Them!

Keeping a password is an essential requirement, and it plays a big part in keeping a person's private life private.

The need arises from the necessity of keeping your stuff (of any sort) locked away from people who don't need to see it and who have no business seeing it.

Hence, searching and raking for that almost perfect password is super necessary, especially with all these hackers and cyber-cons always around the corner.

One thing to always keep in mind: if a password is even mildly easy for a user to remember, it is super easy for a hacker to crack.

According to the UK's Cyber Security Centre breach analysis, the password "123456" was found to have been used 23 million times in breached accounts.

That password was followed on the list by "12345678", which was found around 7 million times in the breaches.

The most horrendously obvious passwords in use are "123456" and "password".

Other passwords on the list were, “ashley”, “michael”, “qwerty” and “1111111”.

The following is the link to the top 100,000 most hackable passwords.

A Few Tips!

1. A strong password should have at least six characters, including a combination of upper-case letters, lower-case letters, symbols and numbers.

2. If any of your passwords match one in the list, change it as soon as possible.

3. The very first step could be to think of hard-to-guess passwords by combining memorable and random words.

4. The more creative the password, the safer the account it protects.

5. Complexity is a must.

6. Enforce a strong password policy on every account possible.

7. Check your passwords regularly and use 2FA (two-factor authentication) for major sites and accounts, especially email.

8. Every site and account should have its own unique password.

9. All default passwords must be changed, because the IT department always has a list.

Other protective measures include using a password manager for less important websites and accounts.
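Tips 1, 2 and 8 above can be turned into a routine check over a set of accounts: compare each password against a breached-password list, apply the six-character four-class rule, and flag any password reused across accounts. This is an added example, not code from the article or from the Cyber Security Centre; the breached-list excerpt is built from the entries the article names, and the accounts and passwords are constructed sample data.

```python
import hashlib
import string
from collections import defaultdict

# Constructed excerpt of a breached-password list (the entries the article names),
# compared by SHA-1 digest, the form in which such lists are commonly distributed.
BREACHED_PLAINTEXT = ["123456", "12345678", "password", "ashley", "michael",
                      "qwerty", "1111111"]
BREACHED_DIGESTS = {hashlib.sha1(p.encode()).hexdigest() for p in BREACHED_PLAINTEXT}


def meets_complexity(password: str) -> bool:
    """Tip 1: at least six characters using upper, lower, digit and symbol."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return len(password) >= 6 and all(classes)


def is_breached(password: str) -> bool:
    """Tip 2: the password's SHA-1 digest matches a breached-list entry."""
    return hashlib.sha1(password.encode()).hexdigest() in BREACHED_DIGESTS


def audit_accounts(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Return findings per account; an empty list means nothing was flagged."""
    findings = {name: [] for name in accounts}
    users_by_password = defaultdict(list)
    for name, pw in accounts.items():
        users_by_password[pw].append(name)
        if is_breached(pw):
            findings[name].append("appears in breached-password list")
        if not meets_complexity(pw):
            findings[name].append("fails six-character, four-class rule")
    # Tip 8: every account gets its own password, so any reuse is a finding.
    for names in users_by_password.values():
        if len(names) > 1:
            for name in names:
                findings[name].append("reused across: " + ", ".join(sorted(names)))
    return findings


# Constructed sample accounts; none of these values are real credentials.
SAMPLE = {"mail": "123456", "bank": "Tr0ub4dor&3", "shop": "Tr0ub4dor&3", "forum": "Qwerty!1"}

if __name__ == "__main__":
    for account, issues in audit_accounts(SAMPLE).items():
        print(account, issues or ["ok"])
```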