Yesterday Troy Hunt announced, to considerable éclat, the discovery of a large trove of credentials for sale in a dark web souk. He calls it "Collection #1." The hood offering the material for sale goes by the nom-de-hack of "Sanixer." KrebsOnSecurity contacted Sanixer and concluded that the material is relatively old, gleaned from various sources, and possibly worth every cent of the $45 Sanixer is charging (which is to say, not so much). 773 million unique email addresses and 21 million unique passwords are lots of credentials, to be sure, but Motherboard is probably right to point out that it's not the devastating blow to Internet users that's been giving some media outlets the yips. Good job by Mr. Hunt and HaveIBeenPwned in finding Collection #1. It should serve as a nudge toward better digital hygiene.
Palo Alto Networks warns that Rocke coinjacking malware is able to disable five Tencent Cloud and Alibaba Cloud security products that would otherwise prevent Rocke from operating in infected systems.
Facebook made another sweep of "coordinated inauthentic sites," pulling down three-hundred-sixty-four Russian pages yesterday. The pages targeted were judged to be not only inauthentic, but also have engaged in information operations. The accounts were linked, Facebook says, to the Russian news agency Sputnik.
Winner winner chicken dinner: GameDaily reports that Epic Games has patched the Fortnite flaw that exposed some 200 million gamers' data.