BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

An Alert System for Security Breaches

From: security curmudgeon <jericho () attrition org>
Date: Thu, 20 Sep 2012 01:16:27 -0500 (CDT)

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://bits.blogs.nytimes.com/2012/09/19/an-alert-system-for-security-breaches/

By NICOLE PERLROTH
The New York Times
September 19, 2012

It was, no doubt, the year of the security breach.

Hackers breached LinkedIn, LastFM.com, eHarmony, Yahoo and other sites, 
then posted customers? usernames, passwords, e-mail addresses and device 
IDs to the Internet for all to see. In most cases, the consumers had to 
dig through hackers? data dumps to find out what, if any, of their 
information had been compromised, then scurry to change their log-in 
credentials across many sites.

Now, with breaches on the rise, some companies have started offering 
customers new services to save them the trouble. LastPass, a service for 
managing passwords, said on Tuesday that it had partnered with PwnedList, 
a database of leaked usernames and passwords, to alert customers if a Web 
site was breached and if their information was included in the data dump.

The company will perform daily scans of PwnedList?s database of 24 million 
(and growing) publicly leaked usernames and passwords and alert customers 
by e-mail if a domain was breached, if their log-in information was 
compromised and if they used the same password for the breached Web site 
elsewhere. In a blog post, LastPass said it planned to offer its alert 
system, called LastPass Sentry, free.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: