Computer Security News and Insights
When Marriott acquired Starwood Hotels in 2016, the deal looked solid on paper. Two years later, Marriott disclosed that hackers had been inside Starwood's reservation system since 2014 — exposing the personal data of up to 500 million guests. The breach predated the acquisition. The liability didn't.
In April 2021, a collection of 533 million Facebook user records surfaced on a dark web forum — names, phone numbers, email addresses, all posted for anyone to grab. Three months before that, a compilation of 3.2 billion email and password pairs called COMB (Compilation of Many Breaches) appeared on
Your Credentials Are Probably Already There In April 2021, a threat actor posted a database of 533 million Facebook user records — phone numbers, full names, locations, email addresses — on a popular dark web forum. For the price of nothing. Just sitting there, searchable. So what is the dark web, exactly,
In April 2021, researchers discovered a database of 533 million Facebook user records — names, phone numbers, email addresses — freely circulating on a dark web forum. That same month, a compilation of 3.2 billion email-password pairs called "COMB" surfaced, aggregated from years of breaches. Stolen credentials on the
23 Billion Stolen Credentials Are Circulating Right Now In 2020, Digital Shadows found more than 15 billion stolen credentials for sale on dark web markets — and that number has only climbed since. Every single one of those username-password pairs is ammunition for a credential stuffing attack. This isn't
In March 2021, Microsoft disclosed that the Hafnium threat actor group had exploited Exchange Server vulnerabilities — but what most people missed is that many of those compromised servers were initially discovered through brute force password spraying. The attackers didn't need a sophisticated zero-day for every target. They just
In January 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a form of account takeover — cost victims over $1.8 billion in 2020 alone. That made it the costliest category of cybercrime by a wide margin. Not ransomware. Not credit card fraud. Account takeover.
In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise and identity theft schemes cost U.S. organizations over $4.2 billion in 2020 alone — making it the single most expensive category of cybercrime. That number isn't slowing down. If you run
In March 2020, Microsoft engineers published a finding that stunned even seasoned security professionals: accounts protected by multi-factor authentication block over 99.9% of automated attacks. Yet as of mid-2021, adoption remains shockingly low. The FBI's 2020 IC3 report documented $4.2 billion in cybercrime losses, with compromised
In February 2021, T-Mobile disclosed a data breach that exposed customer phone numbers and SIM information. That same month, the FBI's Internet Crime Complaint Center continued logging a surge in SIM swap complaints — a threat that directly undermines SMS-based two-factor authentication. If your organization still relies on text
