Imgur hackers stole 1.7 million email addresses and passwords

Image-hosting website Imgur discovered at the end of last week that hackers broke into its systems in 2014, and stole the account details of some 1.7 million registered users.

Imgur found out about the historic hack when HaveIBeenPwned’s Troy Hunt contacted the company on Thursday 23 November, which was a national Thanksgiving holiday in the United States.

  • On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.

Despite the festivities, Imgur quickly responded to Hunt’s message, confirmed that the data did indeed include the login credentials of users, and the following day began the process of resetting affected users’ passwords.

In a blog post, Imgur confirmed that it had been breached and that email addresses and passwords had been exposed. The site doesn’t ask its users for any additional personal information, so fortunately none was at risk.

At the time of writing, Imgur is still investigating how hackers might have been able to breach its security systems.

Imgur did confirm, however, that (at the apparent time of the breach in 2014) it was scrambling passwords with the SHA-256 algorithm – which in recent years has fallen from favour. Imgur says that in 2016 it switched over to the stronger bcrypt hashing algorithm.
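As an added illustration (not code from Imgur or from the original article), this is how a site can move accounts off a fast hash without forcing a mass reset: verify against the old digest at login, then re-store the password under a salted, deliberately slow hash. The legacy format (one unsalted SHA-256 round), the in-memory `db` and all function names are assumptions, and PBKDF2 from Python's standard library stands in for bcrypt, which is not in the standard library.

```python
import hashlib
import hmac
import os

# Assumption: iteration count follows current OWASP guidance for
# PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000
PREFIX = "pbkdf2-sha256"


def legacy_sha256(password: str) -> str:
    """Hypothetical legacy format: one unsalted SHA-256 round, hex-encoded."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def slow_hash(password: str) -> str:
    """Salted, iterated hash stored as prefix$iterations$salt$digest."""
    salt = os.urandom(16)  # per-user salt: equal passwords no longer collide
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PREFIX}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either the upgraded or the legacy record."""
    if stored.startswith(PREFIX + "$"):
        _, iterations, salt_hex, digest_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return hmac.compare_digest(legacy_sha256(password), stored)


def login(db: dict, user: str, password: str) -> bool:
    """Authenticate; on success, replace a legacy record with the slow hash."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith(PREFIX + "$"):
        db[user] = slow_hash(password)  # the only moment the plaintext is known
    return True


if __name__ == "__main__":
    # Constructed sample records: two users who chose the same password.
    db = {u: legacy_sha256("correct horse") for u in ("alice", "bob")}
    print("same digest before upgrade:", db["alice"] == db["bob"])
    login(db, "alice", "correct horse"), login(db, "bob", "correct horse")
    print("same record after upgrade:", db["alice"] == db["bob"])
```

Accounts that never log in again keep the legacy digest, so a migration like this is normally paired with a forced reset or a wrapped hash for dormant users.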

Whether you are a registered user of Imgur or not, it has become all too obvious in recent years that it is essential that no-one should use the same password for multiple online services. Reusing passwords is a recipe for disaster – opening opportunities to exploit shared credentials to break into other parts of your online life with a view to stealing identities, personal information, or simply making mischief.

Although in an ideal world Imgur would never have been hacked in the first place, I believe that the company should be commended on two counts.

Firstly, Imgur didn’t ask users when they created accounts to enter any extraneous information – such as real names, dates of birth, addresses, or phone numbers – that could have made this breach much more damaging to its victims. There’s a great deal to be said for companies limiting the amount of information that they ask from their users – the less they store about you, the less they can lose.

Secondly, Imgur’s response to being notified about the breach is excellent. Despite it being the Thanksgiving holiday in America, they responded to the report of the data breach, immediately began work protecting accounts, and offered sensible advice on what affected users should do next.

Shipping giant refuses to pay hackers ransom after data stolen

Clarksons, the global shipping firm, has turned the tables on criminal hackers who attempted to extort a ransom payment after stealing confidential information from the company’s network.

The business, which is thought to have suffered a breach at the hand of hackers earlier this month, has warned that the hackers may release some of the stolen data – but that it refuses to give in to blackmail.

Details of the quantity and precise nature of the stolen data have not been made public by Clarksons, but in a statement (PDF), the FTSE 250 company apologised to clients, shareholders, and staff for any concern that the breach may cause them – and said that it was in the process of contacting affected individuals and clients directly.

According to the statement, Clarksons at present believes that the hacker gained unauthorised access to its computer network after compromising the account of a “single and isolated user.” That account has now been disabled by the firm, and “additional security measures” have been put in place to prevent similar attacks in future.

The description of the means by which a hacker or group of hackers gained access to Clarksons’ systems makes me think that the attack may not have exploited a software vulnerability, but rather that a legitimate account holder had login credentials compromised.

The all-important username and passwords that protect so many sensitive accounts are no defence at all if a user has made the mistake of reusing passwords in multiple places, choosing an easy-to-crack or easy-to-guess password, or is duped into falling for a phishing attack or installing keylogging malware.

That’s one of the reasons why more and more companies are waking up to the importance of incorporating additional levels of authentication (such as two-step verification) and IP lookups to reduce the likelihood of malicious logins.

Clarksons says it has, quite rightly, informed the police about the attack, and is accelerating the roll-out of additional security measures. Furthermore, Andi Case, CEO of Clarksons, shares some admirable sentiments:

Microsoft just made the ultimate mouse

The mouse’s scroll wheel can switch between fast scrolling and moving up or down line by line.

Microsoft has been making mice since 1983.

It’s taken three and a half decades, but Microsoft has finally made the ultimate mouse.

The Bluetooth-enabled Surface Precision Mouse, which Microsoft revealed in October alongside the second generation of its high-end Surface Book convertible laptop, is very comfortable while still looking elegant. It’s got six customizable buttons, a rechargeable battery, a thumb rest, and a scroll wheel that can be switched from smooth and fast vertical scrolling to granular line-by-line scrolling. And you can use it with up to three PCs at the same time.

In other words, it’s just right — even if it does run on the expensive side at $100. Mice from Logitech and Razer have boasted some of its features, but none has felt this natural.

While Amazon, Apple and Google are busy refining smart speakers that house their respective virtual assistants, Microsoft in recent years has focused on getting more traditional hardware right. The Surface Studio all-in-one desktop PC is an engineering marvel. The Surface tablet has spawned countless imitations. And the latest Xbox is the world’s most powerful console. Office and Windows certainly bring Microsoft more revenue than Surface and Xbox products, but at the same time, the company has visibly raised its hardware standards under the leadership of Satya Nadella.

In years past, certain Microsoft mice have had shortcomings. The Intellimouse, which debuted in 1996, was corded or required an unwieldy wireless receiver for the better part of a decade. The Natural Wireless Laser Mouse 6000, which arrived in 2006, was said to have strangely placed buttons. The Explorer Mini Mouse, which showed up in 2008, had no off switch. The Arc Touch Mouse, which debuted in 2010, could lie flat but was an ergonomic mess.

The Surface Precision Mouse has none of these drawbacks.

What it does have is a sliver of a button tucked behind the scroll wheel that makes a pleasant clunking sound when pushed. It immediately becomes obvious what role this button serves when you glide your finger on the scroll wheel. With the push of the little button, you can switch between very speedy scrolling or something a lot more precise, which can come in handy when exploring long files and websites. Scrolling in fast mode is strangely satisfying. It’s like gliding your finger along a stack of fresh printer paper.

If you have a Mac, you won’t be able to customize the buttons, but if you’re running Windows — with the exception of the new Windows 10 S — you’ll be able to tweak their functions with the Microsoft Mouse and Keyboard Center software. The battery inside the mouse can’t be removed, but Microsoft says a single charge will last for up to three months, and you can recharge the battery with an included micro-USB cable. Unlike Apple’s Magic Mouse, the port is at the front end of the mouse, so you’ll still be able to use it while it’s charging.

Do you need a mouse like this if you have one that works perfectly well? Of course not. But this is a mouse I love to use. And if you sit in front of the computer every day like me, then you might just come to love it, too.