Update: T-Mobile has reached out and clarified that the breach affects current and former customers who went through a credit check. Anyone who did not go through a credit check is unaffected.
T-Mobile has confirmed this evening that as many as 15 million of its customers have been affected by a data breach. As the company is quick to point out, however, the breach did not occur on its servers, but rather its credit partner’s, Experian.
Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.
Importantly, the app can even cope with sites that employ two-factor authentication to login or change a password, prompting you for the code when required … Expand Expanding Close
A database containing login information for nearly 7 million users of the private cloud storage provider Dropbox has been accessed by hackers, according to a partial dump posted on Pastebin earlier this evening (via The Next Web). However, Dropbox has issued a statement denying that this breach occurred on its end, saying that Dropbox itself was not attacked, but rather a third-party service that had stored user credentials:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.
Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:
Imagine our surprise when an email from a complete stranger showed up in our tips box containing the personal contact information—including cell phone numbers—of several 9to5Mac staffers, as well as a few high ranking Apple executives.
Last night Apple pulled the Developer Center offline for maintenance, but as is usually the case, no noticeable changes were visible when it came back up. As it turns out, the company was patching a very serious security breach that was discovered over the weekend, allowing anyone to access the personal contact information for every registered iOS, Mac, or Safari developer; every Apple Retail and corporate employee; and some key partners.
The issue was discovered by developer Jesse Järvi and brought to our attention on Saturday. A video of the exploit is below. We ensured that the problem was reported to Apple and ran it up the ladder. Due to the critical nature of the problem, we would never reveal this type of flaw to the public until it had been dealt with and we had contacted Apple . As of last night, the hole has been patched. Keep reading for the full details of how the breach was executed and exactly what information was at risk.
