GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens …
A look at the booming market for bots that steal 2FA codes, often using SMS services like Twilio, to break into Coinbase, Amazon, PayPal, and bank accounts
The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. — Joseph Cox Tweets: @josephfcox , @motherboard , @rzol , @josephfcox , @josephfcox , @jos...
Twitter transparency report: only 2.3% of active accounts have enabled 2FA between July and December 2020; 79.6% of those who did used SMS-based 2FA
Sergiu Gatlan / BleepingComputer :
Investigator says hackers breached Colonial Pipeline through a VPN account whose password has since been discovered inside a batch of leaks on the dark web
🍿 Gangster Coworking CNN : Ransomware attackers used compromised password to access Colonial Pipeline network Kim Lyons / The Verge : Hackers reportedly used a compromised password in Colonial Pipelin...
Researchers have discovered a flaw where any user can deactivate another user's WhatsApp via multiple 2FA requests and emailing support to deactivate account
A nasty new surprise for WhatsApp's 2 billion users today, with the discovery of an alarming security risk.
Nintendo says 160K Nintendo accounts were compromised since the beginning of April using credentials obtained illegally by “some means other than our service”
We would like to provide an update on the recent incidents … Tom Phillips / Eurogamer.net : Nintendo confirms up to 160,000 accounts accessed in huge privacy breach Lindsey O'Donnell / Threatpost : Ni...
Facebook has urged users to enable phone number-based 2FA, but the numbers are used in a user lookup feature with no opt out and to target ads, sparking outcry
and you can't opt-out. http://techcrunch.com/... Anil Dash / @anildash : Well put. It's doubly devastating when a major platform betrays user trust, because they not only victimize their own users, th...
Facebook has urged users to enable phone number-based 2FA, but the numbers are used in a user lookup feature with no opt out and to target ads, sparking outcry
Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication …