Latest news with #KeeperSecurity
Forbes
2 days ago
- Forbes
16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now
The biggest password leak in history confirmed. getty Update, June 19, 2025: This story, originally published on June 18, has been updated with comments from the founders of Keeper Security regarding the 16 billion leaked passwords and other login credentials across the major tech vendor landscape. If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here's what you need to know and do. Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It's why Google is telling billions of users to replace their passwords with much secure passkeys. It's why the FBI is warning people not to click on links in SMS messages. It's why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very little amount of cash required to purchase them. And it's why this latest revelation is, frankly, so darn concerning for everyone. According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, '30 exposed datasets containing from tens of millions to over 3.5 billion records each,' have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit. These collections of login credentials, these databases stuffed full of compromised passwords, comprise what is thought to be the largest such leak in history. The 16 billion strong leak, housed in a number ion supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors. Remarkably, I am told that none of these datasets have been reported as leaked previously, this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception. 'This is not just a leak – it's a blueprint for mass exploitation,' the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. 'These aren't just old breaches being recycled,' they warned, 'this is fresh, weaponizable intelligence at scale.' Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, open the door to 'pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.' Not all password databases are tye result of compromise and infostealer malware, such as is the case with the 16 billion megadump here. Darren Guccione, the CEO and co-founder of Keeper Security, a privileged access management platform, told me that this GOAT passwords leak was an apt reminder of 'just how easy it is for sensitive data to be unintentionally exposed online.' And Guccione certainly isn't wrong, far from it in fact. This could be just the tip of the biggest security iceberg waiting to crash into the online world. I mean, just imagine how many exposed credentials, including passwords, are sitting there in the cloud, or more to the point in misconfigured cloud environments, waiting for some to find them. If we are lucky, that someone will be a security researcher who responsibly discloses the exposure to the owner or host; if not, then it will be a malicious actor. Who would you put your money on? 'The fact that the credentials in question are of high value for widely used services carries with it far-reaching implications,' Guccione said, which is why it is more important than ever for consumers to invest in password management solutions and dark web monitoring tools. The latter can help by alerting users when their passwords have been exposed online, hopefully enabling them to take direct action and update their account logins if the password has been reused across services. Organizations, however, do not escape the necessity of investment either. They should be looking at adopting zero-trust security models that provide privileged access controls to 'limit risk by ensuring access to sensitive systems is always authenticated, authorized and logged,' Guccione concluded, 'regardless of where the data lives.' Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. 'Organisations need to do their part in protecting users,' Javvad Malik, lead security awareness advocate at KnowBe4, said, 'and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi factor authentication wherever possible." To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously, don't wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.
Yahoo
06-05-2025
- Yahoo
This 1 Word Can Protect Your Family From AI Scam Calls, FBI Says
This 1 Word Can Protect Your Family From AI Scam Calls, FBI Says The FBI has warned that AI scam calls – in which scammers can imitate a loved ones' voice and even appearance when trying to extort money from victims – are on the rise. The new tech 'increases the believability of their schemes,' the bureau added, and saves fraudsters time and money. It can be used for text and image-based scams, too. Which? said about a quarter of UK scam calls are now AI-powered. ADVERTISEMENT Advertisement Actor Josh Peck said in his podcast, Good Guys, that he's so panicked about a family member falling victim to the scam that he's taken the time to warn his own parents. 'I told my mother in the age of AI, there's a chance that someone... God knows, you could copy my voice... someone could call you one day sounding like me, asking you for X amount of money,' he shared. Luckily, experts say there's a simple way to protect your family from the scam, which the actor and podcaster uses himself. Use a codeword Josh shared that he told his mother: 'We need to have a codeword so that you'll know that it's really me.' ADVERTISEMENT Advertisement And while he says his own mum scoffed at the idea, experts are on his side. Speaking to CBS MoneyWatch, James Scobey, chief information security officer at Keeper Security, recommended the method too. 'It needs to be unique and should be something that's difficult to guess,' he advised. 'It shouldn't be something that can be researched online about you or your family. Avoid street names, towns, phone numbers and individual names as part of a pass phrase.' Even the FBI agrees. Its first suggestion to protect yourself from the scam is to 'create a secret word or phrase with your family to verify their identity'. Any other suggestions? Yep – the FBI said we should look out for any little imperfections of a person's appearance or voice in a call demanding money. ADVERTISEMENT Advertisement We should also make our social media accounts private and limit the images and voice clips we make public on the internet if possible, the bureau added. Registering with the Telephone Preference Service (TPS) in the UK will mean legitimate companies will be unable to call your phone out of the blue. That way, you'll know any out-of-the-blue caller claiming to represent a business is a scammer. If you have lost any money to a scam and live in Northern Ireland, England, or Wales, report it to Action Fraud immediately. If you're in Scotland, you can also call the police on 101. Related...
Associated Press
18-02-2025
- Business
- Associated Press
Keeper Security Launches Upgraded KeeperPAM, Redefining Privileged Access Management with Zero-Trust Security
KeeperPAM empowers orgs to stay ahead of evolving cyber threats by providing a robust zero-trust framework for managing privileged access and mitigating risks 'With KeeperPAM, we are empowering organisations to embrace resilient security strategies such as zero standing privilege .' — Darren Guccione, CEO and Co-founder of Keeper Security LONDON, UNITED KINGDOM, February 18, 2025 / / -- Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, introduces the next generation of its Privileged Access Management (PAM) platform, KeeperPAM®. The latest update introduces a fully cloud-native solution that seamlessly integrates all privileged access management processes into Keeper's encrypted vault. This unified approach ensures maximum security, simplicity and scalability, enabling organisations to manage privileged credentials and secrets securely within a single platform. With privileged accounts being a primary target for cybercriminals, implementing a robust PAM solution is essential. In fact, 80% of organisations that have adopted PAM solutions report a significant reduction in cyber attack success related to credential theft and misuse. KeeperPAM builds on this approach, integrating a zero-trust security framework that ensures only verified, authorised users gain access to critical infrastructure while its zero-knowledge architecture ensures complete data protection. Revolutionising privileged access security, KeeperPAM provides advanced automation and real-time monitoring, ensuring that every access request is dynamically verified, credentials are securely vaulted and privileged sessions are closely tracked. This end-to-end solution minimises the risk of unauthorised access, streamlines compliance efforts and empowers businesses to stay ahead of emerging threats, whether managing hybrid cloud or on-premises environments. Key Features of KeeperPAM - Zero-Trust Authentication: Every access request is dynamically verified, ensuring only trusted users can interact with sensitive systems. - Secure Vaulting: Sensitive credentials are securely stored in Keeper's encrypted vault, ensuring that passwords, passkeys and secrets are always protected. - Automated Password Rotation: Passwords for privileged accounts are automatically rotated, eliminating the risk of credential theft and misuse of standing credentials. - Secure Remote Access: Establish agentless zero-trust remote connections to targets within your infrastructure and web-based assets, directly from the Keeper Vault. - Privileged Session Monitoring: Real-time monitoring of privileged sessions helps prevent unauthorised actions and provides a clear audit trail. - Granular Access Control: Organisations can define specific policies for privileged accounts, enabling the least-privilege access model to reduce exposure to unnecessary risk. These features enable organisations to protect critical systems and maintain compliance with industry standards and regulations. By automating manual processes and simplifying audit reporting, KeeperPAM boosts operational efficiency. For industries with stringent compliance requirements, such as healthcare and finance, KeeperPAM supports and streamlines adherence to regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI-DSS), reducing the administrative burden of audit tracking and access management. KeeperPAM's dynamic authentication and session monitoring allow organisations to detect anomalous access patterns and respond quickly to both internal and external threats. With a flexible, scalable architecture, businesses can extend robust security controls to third-party vendors, remote employees and contractors without disrupting workflows. As cyber threats evolve, proactive protection of sensitive data becomes essential. KeeperPAM helps enterprises reduce the risk of unauthorised access, comply with industry regulations and stay ahead of emerging cyber threats. 'Security isn't just about reacting to threats; it's about anticipating them and creating layers of defense,' said Craig Lurey, CTO and Co-founder, Keeper Security. 'With KeeperPAM, we are helping organisations stay ahead of the curve by providing a solution that integrates seamlessly into their existing security architecture and elevates their ability to mitigate threats before they lead to breaches.' A New Era of Privileged Access Security As organisations continue to transition to hybrid cloud environments, securing privileged accounts has never been more critical. Recent high-profile breaches have demonstrated the devastating consequences of compromised privileged access, with attackers using these accounts to infiltrate networks and steal sensitive data. KeeperPAM addresses this challenge head-on by incorporating a zero-trust approach to validate every access request, ensuring that only those with explicit authorisation can access critical systems. 'Privileged accounts are one of the most common attack vectors for cybercriminals today and traditional security models are inadequate at protecting against modern adversaries,' said Darren Guccione, CEO and Co-founder, Keeper Security. 'With KeeperPAM, we are empowering organisations to embrace resilient security strategies such as zero standing privilege - to efficiently implement rigorous controls which minimise the attack surface and mitigate internal and external threats.' Strengthening Organisational Security in an Evolving Threat Landscape With cyber attacks becoming increasingly sophisticated, organisations are no longer able to rely on outdated security measures and legacy systems. KeeperPAM was developed with these modern threats in mind, offering robust protection for privileged accounts without sacrificing user experience. Whether securing on-premises systems or cloud-based infrastructure, KeeperPAM enables organisations to implement a comprehensive access control policy that adapts to their unique needs and risk profiles. KeeperPAM is fully compliant with a broad range of industry standards and regulations, including FedRAMP and StateRAMP Authorisation, SOC 2 Type II attestation, FIPS 140-3 validated and ISO 27001, 27017 and 27018 certifications. These benchmarks ensure that Keeper's solutions meet the highest standards of data protection, privacy and security, providing organisations with assurance that their privileged access management solution is backed by industry-leading security standards. For more information about KeeperPAM and how it can help your organisation strengthen privileged access security, visit About Keeper Security Keeper Security is transforming cybersecurity for millions of individuals and thousands of organisations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location. Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met. Learn how Keeper can defend your organization against today's cyber threats at Charley Nash
Yahoo
12-02-2025
- Yahoo
Keeper Security Champions Cybersecurity in Education on Digital Learning Day
Amid a rise in cyber attacks targeting schools, Keeper® empowers educators with advanced tools and actionable strategies to protect students and their digital learning environments CHICAGO, Feb. 12, 2025 /PRNewswire/ -- This Digital Learning Day, Keeper Security, the leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, is calling for urgent action to address cybersecurity threats to education. In the wake of high-profile breaches like the recent PowerSchool breach – which compromised Social Security numbers, grades and attendance records of thousands – administrators, educators and families face the collective challenge of protecting students and staff from the growing risks of cyber attacks. According to Keeper's report, Cybersecurity in Schools: Safeguarding Students in the Digital Era, 74% of parents express confidence in their child's school's cybersecurity measures, however only 21% report receiving any guidance on secure password management. Despite the critical importance of secure passwords, only 9% of schools offer access to password managers, leaving students and staff vulnerable to cyber threats. Furthermore, only 14% of schools mandate security awareness training, and a mere 13% offer it as an option, leaving most students ill-equipped to handle online threats. As classrooms continue to become more connected through digital learning platforms and administrative tools, the risk of cyber attacks continues to grow. Many schools lack dedicated IT resources with the dual challenge of aging infrastructure and limited budgets. These constraints, combined with the vast amounts of sensitive student and staff data stored in school systems, have made educational institutions an attractive target for cybercriminals. 66% of higher education institutions reported ransomware attacks in 2024, emphasizing the scale of this growing threat. "Cybersecurity isn't just a technical issue – it's a fundamental part of ensuring student safety and the protection of their sensitive personal information," said Darren Guccione, CEO and Co-founder of Keeper Security. "Educational institutions must prioritize cybersecurity to create safe digital environments where students can thrive without fear of interruptions to their learning or breaches that can impact their lives for years to come." From Risk to Resilience: Flex Your Cyber Keeper and its partners are addressing this growing threat through its Flex Your Cyber initiative, a public service program designed to provide school administrators with essential cybersecurity knowledge and critical resources, along with age-appropriate content for families, educators and students alike. With resources ranging from engaging lesson plans to enterprise-grade tools, the initiative supported by the National Cybersecurity Alliance, KnowBe4, and Williams Racing aims to arm the education sector with the knowledge and technology needed to defend against evolving threats. Research shows that 70% of ransomware attacks against higher education resulted in data encryption, highlighting the severe operational impact of these incidents. "Digital Learning Day is about celebrating innovation in education," said Guccione. "But as we embrace technology, we must also ensure its responsible use. Flex Your Cyber provides the tools and strategies the education sector needs to help protect their communities and maintain trust in their digital systems." Proven Strategies to Strengthen School Security Keeper encourages schools and universities to adopt actionable measures to secure their digital learning environments and reduce exposure to risks: Enforce the use of strong, unique passwords and implement a password manager Utilize a PAM solution like KeeperPAM® to secure sensitive systems, data and assets Back up critical data and regularly test your backups Require Multi-Factor Authentication (MFA) for all logins Implement regular cybersecurity training and phishing awareness Actively monitor network and devices for suspicious activity Develop and practice a cyber incident response plan Identify and fix known security flaws, prioritizing those that malicious actors are actively exploiting Minimize exposure to common attacks by ensuring internet-connected devices are up-to-date A Shared Commitment to a Secure Digital Future Digital Learning Day is a celebration of technology's power to transform education, but it also serves as a call to action for the education system to protect students and staff in an increasingly digital world. By taking proactive measures and leveraging tools like those provided by Keeper Security, schools can create a safer, more resilient digital infrastructure. Keeper remains dedicated to supporting educators and administrators in this mission, ensuring that digital learning environments are not only innovative but also secure. To learn more about how Keeper Security's FedRAMP and StateRAMP Authorized cybersecurity solutions are protecting schools from cyber threats, visit or explore the vast Flex Your Cyber resources at About Keeper Security Keeper Security is transforming cybersecurity for millions of individuals and thousands of organizations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location. Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met. Learn how Keeper can defend your organization against today's cyber threats at Learn more: Keeper: Facebook Instagram LinkedIn X YouTube TikTok Media ContactKatherine BenfieldICR for Keeper SecurityKeeperSecurity@ View original content to download multimedia: SOURCE Keeper Security
Associated Press
12-02-2025
- Associated Press
Keeper Security Champions Cybersecurity in Education on Digital Learning Day
Amid a rise in cyber attacks targeting schools, Keeper® empowers educators with tools and strategies to protect students and their digital learning environments 'Cybersecurity isn't just a technical issue – it's a fundamental part of ensuring student safety and the protection of their sensitive personal information.' — Darren Guccione, CEO and Co-founder of Keeper Security LONDON, UNITED KINGDOM, February 12, 2025 / / -- This Digital Learning Day, Keeper Security, the leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, is calling for urgent action to address cybersecurity threats to education. In the wake of high-profile breaches like the recent PowerSchool breach in the US – which compromised Social Security numbers, grades and attendance records of thousands – administrators, educators and families face the collective challenge of protecting students and staff from the growing risks of cyber attacks. UK government data published in 2024 revealed the alarming scale of the threat, with 71% of secondary schools, 86% of further education colleges and 97% of higher education institutions reporting cyber attacks in the past year – highlighting the urgent need for stronger cybersecurity measures across the education sector. According to Keeper's report, Cybersecurity in Schools: Safeguarding Students in the Digital Era, 74% of parents express confidence in their child's school's cybersecurity measures, however only 21% report receiving any guidance on secure password management. Despite the critical importance of secure passwords, only 9% of schools offer access to password managers, leaving students and staff vulnerable to cyber threats. Furthermore, only 14% of schools mandate security awareness training, and a mere 13% offer it as an option, leaving most students ill-equipped to handle online threats. As classrooms continue to become more connected through digital learning platforms and administrative tools, the risk of cyber attacks continues to grow. Many schools lack dedicated IT resources with the dual challenge of aging infrastructure and limited budgets. These constraints, combined with the vast amounts of sensitive student and staff data stored in school systems, have made educational institutions an attractive target for cybercriminals. In 2024, 66% of higher education institutions reported ransomware attacks, emphasising the scale of this growing threat. 'Cybersecurity isn't just a technical issue – it's a fundamental part of ensuring student safety and the protection of their sensitive personal information,' said Darren Guccione, CEO and Co-founder of Keeper Security. 'Educational institutions must prioritise cybersecurity to create safe digital environments where students can thrive without fear of interruptions to their learning or breaches that can impact their lives for years to come.' From Risk to Resilience: Flex Your Cyber Keeper and its partners are addressing this growing threat through its Flex Your Cyber initiative, a public service program designed to provide school administrators with essential cybersecurity knowledge and critical resources, along with age-appropriate content for families, educators and students alike. With resources ranging from engaging lesson plans to enterprise-grade tools, the initiative supported by the National Cybersecurity Alliance, KnowBe4, and Williams Racing aims to arm the education sector with the knowledge and technology needed to defend against evolving threats. Research shows that 70% of ransomware attacks against higher education resulted in data encryption, highlighting the severe operational impact of these incidents. 'Digital Learning Day is about celebrating innovation in education,' said Guccione. 'But as we embrace technology, we must also ensure its responsible use. Flex Your Cyber provides the tools and strategies the education sector needs to help protect their communities and maintain trust in their digital systems.' Proven Strategies to Strengthen School Security Keeper encourages schools and universities to adopt actionable measures to secure their digital learning environments and reduce exposure to risks: - Enforce the use of strong, unique passwords and implement a password manager - Utilise a PAM solution like KeeperPAM® to secure sensitive systems, data and assets - Back up critical data and regularly test your backups - Require Multi-Factor Authentication (MFA) for all logins - Implement regular cybersecurity training and phishing awareness - Actively monitor network and devices for suspicious activity - Develop and practice a cyber incident response plan - Identify and fix known security flaws, prioritising those that malicious actors are actively exploiting - Minimise exposure to common attacks by ensuring internet-connected devices are up-to-date A Shared Commitment to a Secure Digital Future Digital Learning Day is a celebration of technology's power to transform education, but it also serves as a call to action for the education system to protect students and staff in an increasingly digital world. By taking proactive measures and leveraging tools like those provided by Keeper Security, schools can create a safer, more resilient digital infrastructure. Keeper remains dedicated to supporting educators and administrators in this mission, ensuring that digital learning environments are not only innovative but also secure. To learn more about how Keeper Security's FedRAMP and StateRAMP Authorized cybersecurity solutions are protecting schools from cyber threats, visit or explore the vast Flex Your Cyber resources at About Keeper Security Keeper Security is transforming cybersecurity for millions of individuals and thousands of organizations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location. Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met. Learn how Keeper can defend your organization against today's cyber threats at Charley Nash Eskenzi PR
