Phandroid
PSA: Cerberus breach prompts network-wide password reset
Do you use Cerberus, an Android app and service to help find and track your lost or stolen smartphone? You’ll want to head over to your account right now and change your password, as the company has revealed an unfortunate breach that may have given perpetrators access to your accounts.
An email sent to Cerberus subscribers tells us that username and encrypted passwords have been compromised. Thankfully no other account information was revealed the hackers, including email addresses and any personal information that may have been tied to the account.
And since the passwords were stored in an encrypted format, the hackers likely couldn’t do anything with the information they obtained — in fact, Cerberus believes only three accounts were broken into.
Regardless, Cerberus wants to make sure everyone has peace of mind by prompting users to reset their passwords. You won’t be able to login with your existing password to do this. Simply go to the site’s “Forgot Password” form here to get it going. Once you do that, Cerberus says it’s a good idea to log into your account and check your account logs to make sure no suspicious activity has taken place (such as someone requesting a location or trying to sound the phone’s alarm).
Here’s a more detailed breakdown of what occurred with this incident:
- The database was not accessed, and passwords are hashed and uniquely salted multiple times there. The hackers likely couldn’t access the accounts.
- - The hacker was able to access a legacy log file that contained usernames and SHA-1 hashes of passwords that were generated by the app logins between March 1 and March 21
- They then deleted the log file, stopped the legacy logging procedure, invalidated the passwords for the accounts present in the log and notified the users involved
- A total of 96564 accounts had their password reset and have been notified with the email communication above. These accounts have not been accessed in any way.
- A total of 3 accounts were accessed by the attackers, but Cerberus immediately blocked access to those accounts and reset their passwords. Those 3 users were notified before the others with a different email.
- As of March 26, none of the data obtained by the attacker is believed to be released publicly.
That’s the skinny of it, folks. These things happen, and it’s unfortunate when they do, but the most you can ask for is that the developers are responsible enough to provide proper communication and take necessary measures to ensure everyone is protected. That’s exactly what Cerberus did.
Of course, they’ll be looking into ways to improve their security even more down the line to make sure someone like this isn’t commonplace, and have already contacted security experts for a systems audit to see where and how they can improve.
[via Google+]
HTC Desire 616 revealed to be first HTC device with octa-core chipset
Another mid-range HTC handset has broken cover over in China, with the latest being the company’s first to ship with an octa-core processor. It’s the HTC Desire 616, a 5-inch 720p device that looks like it won’t make it too far out of Asia.
That aside, it looks like it could be a decent device for those in the Chinese market to pick up, as the rest of its specs include MediaTek’s 1.7GHz octa-core processor, 1GB of RAM, 8 megapixel camera and Android 4.4.2.
Sense is on board, but as of the time of this writing it’s the aged Sense 5 that was featured on the HTC One 2013. The device also curiously features on-screen buttons, a trend that began with the newly-announced HTC One M8.
The 616′s design and build quality seem uninspired, though we’ve come to expect that from a phone that isn’t meant to go toe-to-toe with the great ones of the mobile world. There’s not much else to know about this thing at this time, but we imagine we’ll know more once this device launches (which would probably happen at some point in Q2 2014).
[Weibo via G for Games]
0 comments:
Post a Comment