Sony used a folder titled “Password” to save your passwords

sony_hacker_110603_620x350

Sony Pictures Entertainment is the most recent victim by hackers who leaked documents onto the internet, to include a folder titled “Password,” which was used to save thousands of company passwords. Sony is one of many recent hacks on corporate companies, which has publicly shamed them for poor security practices and solutions.

Not only were passwords stored in a very obvious folder, but additional files included social security numbers of 47,000 employees and actors, to include Sylvester Stallone, Judd Apatow, and Rebel Wilson. The “Password” folder included 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands upon thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts.

To make matters worse, the files located in the folder were primarily in plain text with not additional security or password protection. BuzzFeed dug into one file and found clearly-labelled usernames and passwords for major motion picture social accounts, spanning from Facebook to YouTube.

Sony corporate has remained quite regarding the security breach, although it’s employees spoke up about it’s “long-running lax attitude towards security.”

The source of the hack is still yet to be identified, but the primary suspect based on available evidence is that the attack originated in North Korea; however, the North Korean government denies any involvement and has publicly declared it will follow international norms banning hacking and piracy. This is amidst an uproar by North Korea over The Interview, starring James Franco and Seth Rogan, which served as a potential motive for North Korea to take action again Sony.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

Password Negligence Could Cost SMBs $210,000 Annually

140618_money_gen_9

A Widemeyer survey in North America and the UK revealed startling data on password negligence among small businesses. Among the critical mistakes include continuously using the same password across multiple accounts, keeping a hand-written book of passwords, or not using passwords altogether to access work data. Identity management company Centrify claims that a company of 500 employees would lose $210,000 annually as a result of these mistakes.

The CommonKey team is a big supporter of small businesses – we urge all SMB owners to follow simple password management best practices to keep your company secure and to improve productivity. Made for teams, the CommonKey password manager is a tried-and-true way to keep help you protect access to your company.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

JPMorgan Hack – 76 Million Accounts Compromised

1409176916000-AFP-525801995

JP Morgan Chase Co, America’s largest bank, was hacked by cybercriminals; among the information leaked included personal contact information of individuals and small businesses. Luckily, the bank reports that bank account information was not leaked, but the very fact that one of America’s most powerful institutions was hacked has caused much uneasiness within the organization and among its customers. The source of the attack is unclear, although hackers in Russia and Eastern Europe have been among the FBI’s recent suspects. In response, JP Morgan announced in a letter that it would budget $250 million annually for security.

So what about the hacked customers? JP Morgan spokeswoman Trish Wexler advises that customers regularly check their bank accounts for suspicious activity. Customers should also be wary of spear phishing tactics, in which hackers trick customers into providing critical account information. Another helpful security precaution is to consider a security freeze, which prevents another user from trying to open a new account in a consumer’s name.

In many ways, the hacking acted as a reality check to both the bank and its customers, reminding us that anyone can be hacked. Going forth, we can expect greater security precautions from the bank, and bank users should develop regular habits to help keep financial security in check.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

The Key to My Company: ‘Password1’

email-hack

Password hacking, breaking into a company, viewing top-secret material – seems like the things only seen in the movies. Turns out you don’t need “1337hax” skills to do so when the top 10 corporate environment passwords are things like “password1” and “hello123.” The results of a recent study by the NetworkWorld via a series of Trustwave penetration tests of corporate environments environment in 2013 and 2014 resulted in an astonishing result of insecure and reused passwords for company accounts.

The article also reveals interesting insight into a hacker’s behavior and mannerisms. An astonishing 86% of hackers aren’t worried about getting caught, and even more interestingly, 51% do it just for fun or thrill. With so many passwords than can be hacked in just a few minutes, it’s not surprising that password hacking can become a fun little side hobby for any Average Joe.

What can you do to help prevent your personal accounts and company from getting hacked? The first step is creating strong and unique passwords for your accounts. You can check out our free strong password generator made by CommonKey to help you get started. Want to learn more about how to protect your company? Shoot us an email and info@commonkey.com!


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

Russian Hackers Release 5 Million Gmail Usernames and Passwords Online

email-hack-2

A combination of recent phishing scams and weak passwords resulted in a massive e-mail hack. Usernames and passwords from Gmail and two Russian-language services, Yandex and Mail.ru, were made public. Sources say that if your e-mail has been compromised, it is likely that the leaked passwords are too old to grant hackers access. However, it is still recommended to be on the safe side and check out websites such as ‘Is my e-mail leaked’ to see the security status of your e-mail. And, of course, change your password to something more complicated and more secure to prevent future hacks. To help you get started, here is our recommended password generator, provided by CommonKey.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

Stubhub Accounts Hacked Due To Poor Password Management

StubHub

Russian hackers used mismanaged Stubhub accounts to fuel their recent international money laundering operation. The hackers breached Stubhub accounts to purchase and resell high-demand tickets. Unlike Target’s security catastrophe, where the company was directly breached, Stubhub’s hack was likely a result of mismanaged passwords. Everyone should have a different password for each online account, consistently check your accounts for suspicious activity, and rotate your passwords using a strong password generator.

Having difficulty memorizing all your company passwords? Let CommonKey manage the keys to your company with our team password manager and built-in strong password generator.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

CommonKey prepares for Techweek NY

techweek

The CommonKey team just received word we were accepted to compete in Techweek NY, the nation’s leading technology conference and festival.

The event is a massive gathering of startups, technologists, and entrepreneurs that make an impact in NYC and across the globe. There are events the entire week starting September 29th through October 5th.

CommonKey will be participating in the LAUNCH competition on Thursday, where judges will have a chance to check out our booth. We’d love your support as we continue to solve team password management!


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

Flaw in router chipset leads to easy WIFI hacking

Asus Router w/ Broadcom Technology

A flaw found by Oxcite in some router chipsets now let hackers bypass the push-button security of WiFi Protected Setup (WPS) nearly instantly. What used to be a difficult task of trying to grab inbound or outbound data packets to crack the password, hackers now can take a single shot based on a series of offline calculations that take only about a second to complete.

Fortunately, this vulnerability in the hardware isn’t in every router, but it’s likely found in relatively common chipsets from Broadcom and others that have yet to be named (as they rush to patch the issue). Ars Technica chimes in and notes the flaw is likely due to a wireless networking implementation issue rather than the technology itself.

Bottom line, turn off your router’s WPS and work out of the native router setup.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

CommonKey competes at NYC Tech Cocktail Startup Showcase tomorrow!

tc-logo-stacked-with-glass

 

CommonKey has been selected to present and compete in the upcoming Tech Cocktail’s New York Mixer & Startup Showcase tomorrow, August 27th at 6:30PM. If you happen to be in the neighborhood, stop by, say hello, have a drink and come learn about all the cool startups in New York City.

Have a few seconds? Vote for us as New York’s Hottest Showcasing Startup HERE.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

4.5 million records stolen from hospital network

Community Health Systems hacked The hospital network Community Health Systems announced it was hacked on Monday, which has led to 4.5 million patients data being stolen. The hospital network operates 206 hospitals across 28 states in the United States and the hackers gained access to names, social security numbers, physical addresses, birthdays, and telephone numbers.

The impact is huge as anyone who received treatment from a physician’s office tied to a network-owned hospital in the last five years, or was merely referred there by an outside doctors, is affected. This means the hackers could have access to bank accounts, credit cards, and even be able to take out loans, ruining personal credit histories for the affected.

Community Health Systems is currently working with Mandiant (cybersecurity experts) regarding the recent attack and have determined the attack came from China using high-end, sophisticated malware to launch the attacks sometime in April and June. Additionally, the FBI is working closely with the hospital network and “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators.”

The hospital network has announced it plans to offer identity theft protection to the 4.5 million victims of the data breach and provide more public information as the investigation continues.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.