Data leaks aren’t anything new in our modern digital world. However, when they occur, the big companies are usually targeted. Unfortunately, nowadays, even casual internet users can have their accounts easily hacked, as the newest massive password dump demonstrates.
Over 71 million unique credentials used for logging into websites such as Facebook, eBay, Roblox, and Yahoo have been stolen and have been circulating on the web for the last four months.
According to Troy Hunt of the breach notification service “Have I Been Pwned?”, all these unique login credentials have been released on the web in underground markets.
Although password dumps usually contain previously breached accounts, this new massive password dump contains at least 25 million new credentials that haven’t been leaked before. The data totals 104GB, spanning 319 files.
The data breach was possible due to stealer logs, the output of malware that stole credentials from compromised devices. The email addresses and passwords came from various websites, including Facebook, Yahoo, Yammer, Coinbase, Roblox, and eBay.
However, another crucial factor played a role in the data breach: internet users use the same credentials across multiple platforms. They also use weak passwords such as birth dates or names.
Troy states that the number of breached accounts might be higher as some accounts share the same login credentials across multiple platforms. Several affected users were contacted to confirm the massive password dump’s authenticity.
Some of the affected users that were reached reportedly confirmed that they still use or have used those credentials in the past. Some of the publicized passwords, for example, have been valid since 2020.
Unless affected users have changed their passwords recently, the details of these breached accounts remain valid and easily grabbable on dark web forums or other underground digital marketplaces.
The newest massive password dump from the end of 2023 confirms that malware, phishing attempts, hacking, and other types of cybercrimes are as effective as ever. It also confirms that most internet users aren’t aware of the frailty of their devices, software, and credentials when it comes to theft.
If you want to make your account safe again, follow these tips:
Passwords such as your birthday or your dog’s name are easily breachable. Instead, you should focus on creating a strong, unique password to keep your account safe. Consider using at least 11 characters when creating a password, and avoid using the same password across multiple platforms.
You should also consider regularly changing your password for further safety. To keep track of your passwords or receive help in creating a strong one, you can always use a password manager.
You don’t always know when you are on a phishing website or when you are about to download a malicious file that can compromise your device and credentials. However, you can use a virtual private network (VPN) to make your internet browsing experience safer and more anonymous.
Some VPNs have antiviruses, tracker blockers, and other features for enhanced security purposes. A VPN also encrypts your online traffic so that it stays protected even when you connect to unsecured public Wi-Fi networks.
Even if you are about to enter a malicious site or download a suspicious file, your VPN will block it ahead of time, depending on the provider and its features. You can scan a file for viruses if you want to double-check its legitimacy.
If you want to add an extra layer of security to your online accounts, you can always use the two-factor authentication feature. This way, you can set up a secondary password or other authentication method to double your security. In some instances, you will also be notified if someone tries to use your credentials.
Many stealers and other malware can easily steal your credentials once they gain access to your devices. Fortunately, you can be alerted to suspicious files and websites using a legitimate antivirus or antimalware service. Although these apps can potentially interfere with your gaming experience or other applications, you can always use the silent mode to continue your activities uninterrupted.
Sites such as the breach notification service “Have I Been Pwned?” can immediately let you know if your credentials have appeared in any recent breaches. You can periodically search for breaches to see if your account has been compromised. If it was, change your credentials immediately.
Phishing scams, malware, and viruses change over time and take on new forms. This is why you should stay informed about them and keep reading about the best cybersecurity practices to prevent data breaches. Staying safe is better than regretting it afterwards.
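
The password tips above (at least 11 characters, no reuse across platforms, checking for breach exposure) can be run together as one audit over a password-manager export. The following is an added example, not code from this article or from Have I Been Pwned: the function names and sample data are constructed, and the breach check assumes a hash-range lookup that returns `SUFFIX:COUNT` lines, served here by an offline stand-in so that only a 5-character hash prefix is ever handed to the lookup.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 11  # minimum length recommended in the tips above

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def offline_range_source(leaked):
    # Constructed stand-in for a breach corpus, bucketed by 5-char SHA-1 prefix.
    buckets = defaultdict(list)
    for digest in map(sha1_hex, leaked):
        buckets[digest[:5]].append(digest[5:] + ":1")
    return lambda prefix: "\n".join(buckets.get(prefix, []))

def is_breached(password, fetch_range):
    # k-anonymity lookup: only the 5-character prefix is handed to fetch_range.
    digest = sha1_hex(password)
    for line in fetch_range(digest[:5]).splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix == digest[5:] and int(count) > 0:
            return True
    return False

def audit(vault, fetch_range):
    # Return {site: [findings]} for every entry with at least one problem.
    sites = defaultdict(list)
    for site, password in vault.items():
        sites[password].append(site)
    report = {}
    for site, password in vault.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too short")
        if len(sites[password]) > 1:
            findings.append("reused")
        if is_breached(password, fetch_range):
            findings.append("breached")
        if findings:
            report[site] = findings
    return report

# Constructed sample data: not taken from the dump or from any real account.
SAMPLE_LEAK = ["rex2015", "Summer2020!!"]
SAMPLE_VAULT = {"facebook": "rex2015", "ebay": "Summer2020!!",
                "yahoo": "Summer2020!!", "coinbase": "gq7#Lp2vX!wd9Rt"}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT, offline_range_source(SAMPLE_LEAK)).items():
        print(f"{site}: {', '.join(findings)}")
```

Any entry the audit reports should get a new, unique password, starting with the ones flagged as breached.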