A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account.

Yahoo disclosed today that attackers in 2013 stole data associated with more than 1 billion accounts. CISO Bob Lord said this incident is “distinct” from a 2014 attack in which 500 million accounts were breached.

KFC Corporation warned 1.2 million of its UK-based Colonel’s Club members to reset their passwords after 30 members were targeted in an attack.

Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log into their account. The company claims the move is “purely a preventative measure” and stressed that there’s no proof users’ accounts have been improperly accessed....

Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend. John Bennett, product line director for Citrix said the attack was a result of leaked passwords from other accounts used to crack open existing GoToMyPC accounts....

Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013. A Tumblr spokesperson would not disclose who had accessed the data, where it was found, nor how many email addresses were impacted and how many of those are...

Cloud-based webhost Linode absorbed another body blow on Tuesday when it said it was resetting customer passwords after a suspected breach. The development compounded the company’s existing woes as it continues to battle a distributed denial-of-service attack that began on Christmas. A Linode representative said late Tuesday its executives were unavailable for comment and that...