Hacker Selling 65 Million Passwords From Tumblr Data Breach

Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo.

At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned.

"As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts," read Tumblr’s blog.

A Hacker, who is going by "peace_of_mind," is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal.

The compromised data includes 65,469,298 unique e-mail addresses and "salted & hashed passwords."

The Same hacker is also selling the compromised login account data from Fling, LinkedIn, and MySpace. I wonder if he has more data sets yet to sell…

Salt makes passwords hard to crack, but you should still probably change it.

Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature

Microsoft has finally decided to remove one of its controversial features Wi-Fi Sense network sharing feature from Windows 10 that shares your WiFi password with your Facebook, Skype and Outlook friends and enabled by default.

With the launch of Windows 10 last year, Microsoft introduced Wi-Fi Sense network sharing feature aimed at making it easy to share your password-protected WiFi network with your contacts within range, eliminating the hassle of manually logging in when they visit.

This WiFi password-sharing option immediately stirred up concerns from Windows 10 users especially those who thought the feature automatically shared your WiFi network with all your contacts who wanted access.

But Wi-Fi Sense actually hands over its users controls so they can select which networks to share and which contact list can access their Wi-Fi.

Also, the feature doesn't share the actual password used to protect your Wi-Fi, but it does give your contacts access to your network.

However, the biggest threat comes in when you choose to share your Wi-Fi access with any of your contact lists.

But, Who really wants to share their Wi-Fi codes with everyone in the contacts?

Of course, nobody wants.

Since the feature doesn't give you the option to share your network with selected individuals on Facebook, Skype or Outlook, anyone in your contact list with a malicious mind can perform Man-in-the-Middle (MITM) attacks.

We have written a detailed article on Wi-Fi Sense, so you can read the article to know its actual security threat to Windows 10 users.

Although Microsoft defended Wi-Fi Sense network-sharing as a useful feature, Windows users did not give it a good response, making the company remove WiFi Sense's contact sharing feature in its latest Windows 10 build 14342.

"The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment," said Microsoft Vice President Gabe Aul. "Wi-Fi Sense, if enabled, will continue to get you connected to open Wi-Fi hotspots that it knows about through crowdsourcing."

Microsoft just released its latest Windows 10 build for testers. The company will remove the Wi-Fi Sense password sharing feature as part of its Anniversary Update due in the summer, but will keep the Wi-Fi Sense feature that lets its users connect to open networks.

Second Bank hit by Malware attack similar to $81 Million Bangladesh Heist

SWIFT, the global Society for Worldwide Interbank Financial Telecommunications, warned on Thursday of a second malware attack similar to the Bangladesh central bank hack one that led to $81 million cyber heist.

In February, $81 Million cyberheist at the Bangladesh central bank was carried out by hacking into SWIFT, the global financial messaging system that thousands of banks and companies around the world use to transfer billions of dollars every day.

However, the hackers behind the cyber heist appear to be part of a comprehensive online attack on global banking and financial infrastructure.

The second attack involving SWIFT targeted a commercial bank, which the company declined to identify. SWIFT also did not immediately clear how much money, if any, was stolen in the attack.

However, SWIFT spokeswoman Natasha de Teran said that the second attack and the Bangladesh bank heist contained numerous similarities and were very likely part of a "wider and highly adaptive campaign targeting banks," the NY Times reported.

The malware involved in the Bangladesh cyber heist was used to manipulate logs and erase the history of the fraudulent transactions, and even prevented printers from printing the fraudulent transactions.

The malware used in the attack also has the capability to intercept and destroy incoming messages confirming the money transfers, preventing hackers to remain undetected.

SWIFT said in a statement that the attackers clearly exhibited "a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both."

News of a second attack involving SWIFT comes as law enforcement authorities in Bangladesh and elsewhere investigate the February's $81 Million cyberheist at the Bangladesh central bank account at the New York Federal Reserve Bank.

The hackers had attempted to steal $951 Million in total from Bangladesh central bank account using fraudulent transactions, but a simple typo by hackers halted the further transfers of the $850 Million funds.

SWIFT has acknowledged that the scheme involved Bangladesh cyberheist did not harm its core messaging system.

However in both the cases, insiders or hackers had successfully penetrated the targeted banks' systems, pilfering user credentials and submitting fraudulent messages that correspond with money transfers.

The Pirate Bay loses its Main Domain Name in Court Battle

The Pirate Bay has fought many legal battles since its launch in 2003 to keep the website operational for the last 13 years.

However, this time The Pirate Bay is suffering a major blow after the Swedish Court ruled Thursday that it will take away the domain names 'ThePirateBay.se' and 'PirateBay.se' of the world's most popular torrent website and will hand over them to the state.

As its name suggests, The Pirate Bay is one of the most popular file-sharing torrent site predominantly used for downloading pirated or copyrighted media and programs free of charge.

Despite the criminal convictions, the torrent site remains functioning although it has moved to different Web domains several times.

However, this time, The Pirate Bay loses its main .SE domain, the world's 225th most popular website according to the Alexa ranking, according to Swedish newspaper DN.

"In common with the District Court ruling the Court of Appeal finds that there is a basis for confiscation since the domain names assisted crimes under the Copyright Act," a statement on the site of the Svea Court of Appeal reads. "This means that the right to the domain names falls to the state."

Back in 2013, the anti-piracy prosecutor Fredrik Ingblad took a different approach to shutting downthe file-sharing website.



Instead of suing the operators of the site or going after The Pirate Bay directly, the prosecutor decided to take two of its more popular domains from it and filed a complaint against Punkt SE (IIS), the company that manages .SE domain names.

The lawsuit filed against Punkt SE claimed that The Pirate Bay was an illegal torrent site and that all tools, including the domain names thepiratebay.se and piratebay.se, used in connection with the illegal site should be suspended.

Last year, the Stockholm District Court ruled in favor of the prosecution, saying that both ThePirateBay.se and PirateBay.se would be taken from the owners of The Pirate Bay.

Punkt SE then appealed and won the case and also awarded the body compensation of US$40,000 for legal costs.



As a result, the prosecution appealed, and now the decision came in the prosecution's favor, which means The Pirate Bay’s popular domains names are set to be forfeited to the Swedish state.

Both ThePirateBay.se and PirateBay.se are held in the name of The Pirate Bay co-founder Fredrik Neij, so the next step of the legal battle will now be against him.

Although there is still the possibility of another appeal, it is hard to say at this time whether both .SE domains of The Pirate Bay will still be active in the coming months.