For the latest in Cyber Security & Hacking news, check out episode 3 of the Myki Security Report:
17 Million Zomato Accounts Sold on Dark Web:
India's largest online restaurant guide Zomato has confirmed that the company has been hacked and that the accounts of 17 Million of its 120 Million users have been stolen from its database.
The accounts are being sold on the dark web for $1017, and the stolen account information includes user email addresses as well as hashed passwords.
What is a hashed password? Hashing a password transforms it into a random-looking sequence of characters. The hashing process is irreversible. However, a hacker can hash each entry in a list of the most common passwords, compare the results with the hashes stolen from Zomato, and deduce a user’s password wherever the two match.
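The comparison described above, written as an audit you could run against your own credential store. This is an added example, not part of the original report. The report does not say how Zomato hashed its passwords, so the unsalted SHA-256 and salted PBKDF2 schemes, the user names and the word list are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short "common passwords" list and three users.
COMMON = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "password", "bob": "x7!Lq#2vPz9w", "carol": "123456"}
PBKDF2_ROUNDS = 10_000  # assumption: kept low so the demo runs quickly

def sha256_hex(password):
    """Fast, unsalted hash: identical passwords always give identical output."""
    return hashlib.sha256(password.encode()).hexdigest()

def pbkdf2(password, salt):
    """Salted, deliberately slow hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def audit_unsalted(stored):
    """Hash each common password once, then look every stored hash up in that table."""
    table = {sha256_hex(p): p for p in COMMON}
    hits = {user: table[h] for user, h in stored.items() if h in table}
    return hits, len(COMMON)  # second value: hash computations needed

def audit_salted(stored):
    """Per-user salts rule out a shared table: every guess is redone for every user."""
    hits, work = {}, 0
    for user, (salt, digest) in stored.items():
        for guess in COMMON:
            work += 1
            if hmac.compare_digest(pbkdf2(guess, salt), digest):
                hits[user] = guess
                break
    return hits, work

def build_stores():
    """Store the same constructed accounts under both schemes."""
    unsalted = {u: sha256_hex(p) for u, p in USERS.items()}
    salted = {}
    for u, p in USERS.items():
        salt = os.urandom(16)
        salted[u] = (salt, pbkdf2(p, salt))
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_stores()
    print(audit_unsalted(unsalted))
    print(audit_salted(salted))
```

For the unsalted store the work stays at one hash per list entry no matter how many accounts there are, while for the salted store it grows with every account, and each guess also costs thousands of rounds. Under both schemes only the accounts using a common password are flagged.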
It seems that Zomato is downplaying the threat in saying that even with access to those hashed passwords it wouldn’t be easy for a hacker to crack them. Perhaps Zomato is unaware of the fact that these days hackers are using more sophisticated methods like cloud computing, which enables them to crack even 15-18 character passwords within just a few hours, which means that there is no guarantee your passwords will not eventually get cracked. Zomato stressed that the breach did not compromise any payment card data, as the financial information of customers is stored in a separate database.
If you have an account on Zomato, I highly recommend you change your password as soon as possible, along with the password on any other website where you use the same one. Make sure to choose unique passwords for different accounts.
We can’t put the entire blame on Zomato, because we as users should make sure that we are using strong, complex alphanumeric passwords that we change on a regular basis. While it is annoying to create, manage and remember complex passwords for different websites, one solution is to make use of a password manager like (drum roll) Myki!
Download the Myki Password Manager & Authenticator on Android and iPhone here: https://myki.co/download
When it comes to fighting off computer viruses and malware attacks, holy water is probably one of the last resorts, but when all tech solutions have failed, a divine intervention is urgently needed!
The world has barely recovered from the panic caused by the recent WannaCry ransomware attack, which affected more than 150 countries in the world. Russia’s top religious priest, the Patriarch of the Russian Orthodox Church, has allegedly made an urgent trip to the Russian ministry of internal affairs to bless the computers with holy water in hopes of helping them cope with the WannaCry ransomware. WHAT?!
In more useful ransomware news: Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware through a decryption tool named WannaKey, which will unlock your files without you having to pay the ransom.
In a statement, Guinet said: "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work, and so it might not work in every case!"
In more good news: Another security researcher, Benjamin Delpy, developed an easy-to-use tool called "WanaKiwi," based on Guinet's findings, which simplifies the whole process of the WannaCry-infected file decryption.
All victims have to do is download the WanaKiwi tool from GitHub and run it on their affected Windows computer.
Your next password could be an emoji:
Would you rather unlock your smartphone with a plain four-digit PIN like “2476” or with a “🐱💦🎆🎌” emoji?
A team of researchers has developed EmojiAuth, an emoji-based login system for Android smartphones. 53 participants took part in a field study to test the ease and security of such an idea. The first group of 27 people selected a passcode made up of 12 emojis, and the remaining 26 people picked a numeric PIN.
After practicing entering their new passwords several times, they were asked to return a week later to re-enter their passwords into a test smartphone. PIN users remembered their passwords slightly more often, but the people who used emoji passcodes reported having more fun entering their codes.
At the end of the field study, the security of emoji passcodes was tested by asking participants to “shoulder surf” (peek over the researcher’s shoulder while they entered a passcode).
The study found that emoji passcodes consisting of six randomly selected emojis were harder to steal over a user’s shoulder than a numerical sequence.
Can we just stick to fingerprint authentication please!?
The Myki Security Report is brought to you by the Myki Password Manager Team.