Massive Security Breach For Millions of Gmail Users

With more than 500-million users around the globe, chances are, you, or someone you know has a Gmail account.

But upon the heels of leaning of a massive bug that could have exposed every single Gmail user's email address, users are feeling uneasy.

"I don't like it. I think I'm going to switch accounts" says Cecil Ward, a Tampa man who uses Gmail as his everyday account.

A researcher found the flaw in Google's security last winter. This researcher was able to collect almost 40-thousand addresses, in a matter of hours.

"It's basically a foot in the door for hackers. It's a very valuable piece of information hackers would kill for." Says security expert, Kevin Johnson, of The SSL Store.com.

"If they have your email, they can send you phishing schemes in hopes you go to, let's say a fake bank site, and put in your password and username that they use to steal your identity."

The good news, is the bug has been fixed, and the researcher was provided a reward for alerting Google of the potential hack hazard.

Kevin, from The SSL Store Dot.com says from a user's standpoint, there's not much you can do to prevent another breach in security. Though he offers some common sense advice.

"Make sure you have a password of at least 8 characters that contains letters and numbers, both upper and lowercase. Change your password once to two times a year to keep things fresh."

148 Million EBay customers must reset passwords after major hack

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted, but there's no telling when or if the hackers can decrypt them. As a precaution, eBay is resetting everyone's passwords.

The company isn't saying how many of its 148 million active accounts were affected -- or even how many customers had information stored in that database. But an eBay spokeswoman said the hack impacted "a large number of accounts."

EBay's subsidiary, PayPal, said it was untouched by the data breach. PayPal data, which is sensitive because it includes payment information, is kept on a separate network.

To hack into the eBay database, the cyber attackers managed to get their hands on "a small number" of eBay employee log-in credentials, the company said. They then used that to worm their way into eBay's corporate network. The hackers grabbed the customer database between late February and early March.

It wasn't until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft.

The company said it hasn't spotted any increase in fraudulent activity on eBay yet.

This is only the latest major data breach compromising people's digital lives. In April, AOL announced hackers stole "a significant number" of its 120 million users' email addresses, passwords, contact lists and more.

CryptoLocker crooks launch new 'customer service' website for victims

Computer experts are stressing the importance of data protection as the 'Cryptolocker' virus spreads. 

The virus, usually installed through unwanted attachments on emails or through questionable websites, encrypts information on computers that, in most cases, cannot be undone.  Hackers force users to pay money to get their information back.

"You cannot get it decrypted," explained Rob Shiras with IT Headquarters in West Seattle, "You have to send them money to get out of trouble."

Shiras said his office sees one computer infected with 'Cryptolocker' every week.  Most decide to wipe their hard drive, but recently, someone chose to pay the ransom.

"They gave him 72 hours," recalled Shiras, "He thought about it for 48 hours and said, I need my pictures."

'Cryptolocker' is not a new virus, but it continues to plague computer owners and bother law enforcement.

Inside the U.S. Secret Service Electronic Crimes Taskforce Computer Lab in Seattle, a variety of agencies chase leads on cyber crime, including Cryptolocker.

"There is a substantial amount of crime that's just homegrown in the U.S.," said Special Agent in Charge Robert Kierstead, "We also see a lot of action in Eastern Europe."

The Secret Service has branches abroad to help track cyber criminals down, but even law enforcement admit Cryptolocker is the worst kind of virus.

Shiras said once a computer is infected with Cryptolocker, little can be done to retrieve the information lost.  Even paying the ransom does not ensure the data is returned.

The key, Shiras and Kierstead said, is prevention ahead of time.  That includes avoiding questionable websites, not opening emails with attachments from strangers and backing up hard drives regularly.

Do Not Use Microsoft Internet Explorer Until You Apply A Fix. A Vulnerability Has Been Found In Every Version Of Internet Explorer

This weekend Microsoft confirmed the presence of an Internet Explorer vulnerability, as well as active attacks against this vulnerability, in every version of Internet Explorer.

This vulnerability could be used to silently install malicious software without knowledge or assistance from the end user, by browsing to an infected site.

Microsoft is recommending that Internet Explorer users download and install their Enhanced Mitigation Experience Toolkit (EMET) version 4.1.

The college is already working on deploying this to all of its computers in response to this vulnerability.

Home users are advised to download and install the EMET 4.1 toolkit, which is provided here:  http://www.microsoft.com/en-us/download/details.aspx?id=41138

Or, use an alternate browser.  

As always, be mindful of your internet surfing habits and the sites that you go to.

Do not click on links in unsolicited email or from people who you do not know.

If you mouse over a link and it appears different from what is presented on the screen, do not click on it even if it is from someone you know.

Note: If you are using Windows XP, this vulnerability WILL NOT be fixed, as Microsoft is no longer supporting XP.