Dark web users are freely sharing the ‘Star Tribune’ user data that was first sold by Shiny Hunters six months ago. That data, along with the Minted.com set, were protected by bcrypt hashing, so the passwords couldn’t be broken. This makes the data almost worthless for credentials stuffers, but they could still be used in phishing operations.
In May 2020, the notorious data broker “Shiny Hunters” put up a massive database for sale, offering 73.2 million user records from eleven companies. Among them, there was a set of one million user records belonging to ‘Star Tribune,’ the largest newspaper in Minnesota, USA. After almost six months since the pack is now shared for free on popular Russian-speaking forums on the dark web.
The newspaper had informed its subscribers that their passwords were encrypted since May, and the hashing algorithm used (bcrypt) is considered to be very strong. Thus, one explanation about the open leak of this data is that there was no value in it for hackers looking to engage in credential stuffing attacks. If you receive any unsolicited messages (email or SMS) making bold or weird claims, ignore them.
Still, having names, email addresses, home addresses, and phone numbers in the set is amazingly useful for scammers and phishing actors, and this is not the kind of data that can be reset like passwords. Also, even though the passwords were stored in a safe format, you should still reset them from anywhere you could be using them and pick something new, unique, and strong.
In addition to the ‘Star Tribune’ data, the same leaker shared the five million records of the Minted.com users, consisting of the same type of information. In that case, too, bcrypt was used to hash the user passwords, so this appears to be the common denominator that drops the value of that data down to “freely shareable.”
If you have any questions or concerns about this hack and how it affects you, Star Tribune is open to address them at 612-673-4343 or via email at firstname.lastname@example.org.
Researchers of the Cisco Talos team have discovered a number of critical vulnerabilities in the Synology Router Manager (SRM), which is an admin tool enabling Linux users to connect to Synology routers. As the report details, the identified flaws could be exploited by hackers in order to execute remote code on the device, access sensitive network information, and communicate with other devices connected to that same network.
The vulnerability that affects the Qualcomm LBD service (TALOS-2020-1065) has also been acknowledged and fixed by the chipmaker via an update.
Facebook has decided to tighten its vulnerability disclosure program’s period and has refreshed its policy on the matter. From now on, when the social media giant finds a security flaw, it will contact the developer and wait 21 days for their response. If they don’t receive an answer detailing exactly how the vendor is planning to mitigate the discovered problem, or if the response is in any way insufficient, too vague, or plainly wrong, Facebook will publicly disclose the vulnerability.
This discussion appeared on TechNadu.