Passkeys have a lot of benefits over passwords, to be sure, but in recent years, getting people to adopt them has been a slow process. That may be changing, however. We reported this week on a new study from security firm Dashlane, which found that more people are embracing passwords, especially on platforms encouraging their use.
Leading the pack of companies pressuring their users to adopt passkeys are Amazon, which you may have noticed almost always asks you to create one when you visit the site; Google, which has also been providing users with multiple methods to secure their accounts; and Microsoft, which made passkeys the default login option for new accounts. There’s a reason that retail and payment companies are also pushing passkeys: Issues like forgotten passwords, late SMS messages, and other tech troubles could cost them money in the form of abandoned carts and delayed purchases. And, as we’ll see later in the story roundup, most data on the dark web comes from retail services.
Speaking of passkeys, using them is a snap when you also use a password manager. When testing password managers, we especially appreciate those providing inheritance options, which allow your loved ones to access your passwords and online accounts in an emergency. Unfortunately, those inheritance options can turn into a security nightmare when exploited, as we reported earlier this week when it happened to LastPass. Hackers launched a campaign to trick LastPass account holders into entering their account information on a phishing site, with some even going so far as to call users posing as LastPass employees to obtain their credentials.
And since we’re talking about sensitive information on the web, this week we covered a new study that revealed that unauthorized AI use at work has exploded. The result is that sensitive corporate information has also exploded onto the clear web, thanks to it being absorbed by and republished by AI companies that often have no idea they’re hosting confidential information. Seriously—one quick web search and you can find several examples of financial reports, documents marked “internal use only,” entire manuscripts, and more.
See the Business Data Leaking Onto the Dark Web With Proton’s Data Breach Observatory
Proton, the security company behind products like Proton VPN, Proton Pass, and Proton Mail, just introduced a new service designed to alert the public to corporate data breaches when they occur, even if the company in question would rather not make a public statement about it. The Proton Data Breach Observatory is a comprehensive and regularly updated list of data breaches, including the date of the breach, the types of data compromised, and the severity of the issue.
In a statement, Proton said that because data breaches have become so common, only the most significant ones receive media attention, which can leave people with a false perception of security. The platform is based on the same kind of dark web monitoring and research that the company already conducts, but assembled in a digestible format for both security professionals and individual users alike. That means the tool doesn’t rely on self-reporting; it comes directly from where the data lives, on the dark web. Currently, nearly 800 breaches are on the site, with most sensitive data consisting of names, email addresses, and other contact details, followed by passwords. As for targets, the available data primarily comes from retail businesses. All of this is a reminder to practice good internet hygiene.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
This Security Hole Can Crash Billions of Chromium Browsers, and Google Hasn’t Patched It Yet
Odds are you’re reading this using a web browser based on Chromium. That’s Google’s architecture for browsers, and at this point, the vast majority of the web has been built around the assumption that you’ll be using one. Chromium browsers include Chrome, obviously, but also Microsoft’s Edge, Brave, Vivaldi, and OpenAI’s newly released (and problematic, as we discussed last week) Atlas browser. Unfortunately, as The Register reports, independent security researcher Jose Pino discovered a flaw in Blink, the rendering engine used by Chromium browsers, that, when exploited, can cause the browser to freeze within seconds, and in some cases freeze the host system as well by sucking down all available memory.
Recommended by Our Editors
The Register’s full story explains in detail how the exploit works and what happened when they tested it (spoiler: it’s bad). However, it’s worth noting that they contacted the developers of nine different Chromium-based browsers. Seven didn’t respond. The developers of Brave said that, because it’s an issue with Chromium, they would implement a fix as soon as Google had one. Google, for its part, said it’s looking into it. Luckily, other rendering engines were immune to the issue, including Gecko (used in Firefox) and WebKit (used in Safari).
Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa
Among the many social consequences of AI that we have yet to fully reckon with is the rapid proliferation of generative AI-powered scams, a trend we’ve been reporting on since the beginning of the year. And as Dark Reading reports, before the scams reach you and me, scammers test their tactics on regions of the world that lack the same consumer protections and cybersecurity infrastructure available to us.
In this case, Dark Reading notes that scammers are using AI to set up entire scam “hubs,” where scammers utilize generative AI tools in the same way anyone would use business software. Except at these jobs, the goal is to create deepfakes and phishing messages that are culturally appropriate in context, thereby removing one more way victims can discern that the sender (or even the caller) isn’t who they claim to be. Right now, the attacks are also centered on African institutions, where the scam hubs are also based. But experts all agree that it’s more of a proving ground. As AI-powered impersonation and phishing attacks become more effective, they’ll get more popular—which means they’re coming for everyone, everywhere.
About Our Expert
Alan Henry
Managing Editor, Security
Experience
I’ve been writing and editing stories for almost two decades that help people use technology and productivity techniques to work better, live better, and protect their privacy and personal data. As managing editor of PCMag’s security team, it’s my responsibility to ensure that our product advice is evidence-based, lab-tested, and serves our readers.
I’ve been a technology journalist for close to 20 years, and I got my start freelancing here at PCMag before beginning a career that would lead me to become editor-in-chief of Lifehacker, a senior editor at The New York Times, and director of special projects at WIRED. I’m back at PCMag to lead our security team and renew my commitment to service journalism. I’m the author of Seen, Heard, and Paid: The New Work Rules for the Marginalized, a career and productivity book to help people of marginalized groups succeed in the workplace.
Read Full Bio
