Last week it was revealed that a staggering amount of passwords have been exposed in a massive data leak. A text file, that was uploaded to the web, contained a total of 8.3 billion passwords with experts warning that this could be one of the biggest breaches in modern history. The attack was discovered by the team at CyberNews who say that due to the scale of the leak this issue is almost certain to affect a very large number of people. The data dump has been dubbed ‘RockYou2021’ by the hackers which appears to be in reference to the infamous RockYou data breach that occurred in 2009 where more than 32 million user passwords were leaked.
Speaking about the latest threat, CyberNews said: “By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts.”
It’s clearly serious and, if you are worried about this threat, here are three things you must do today.
CHECK YOUR PASSWORDS
It’s a really good idea to see if your password has been leaked in any recent attacks. CyberNews and other sites, such as have i been pwned, offer a simple way of checking your details to see if they may be in the hands of hackers.
Google’s Chrome browser and Apple’s Safari can also help with both of these browsers showing if you have weak passwords.
On Safari, head to Preferences > Passwords. Here you will see a list of your accounts and passwords with a warning sign placed besides any that have been used multiple times.
If you use Chrome, head to Preferences > Passwords and tap the Check Passwords button. You’ll then see any accounts with weak security.
USE A PASSWORD MANAGER AND TWO FACTOR AUTHENTICATION
If possible, always use two-factor authentication to double up on security for your account. Some applications offer this and software is available to ensure that all applications can use it.
Two-factor authentication basically means you’ll get a text with a code before being allowed to log in to accounts.
If you’re always forgetting your codes then there is a range of software that can help.
A number of popular password managers, including the excellent 1Password, leverage Have I Been Pwned’s unmatched database to alert users when one of their passwords or login credentials has been made available to hackers.
Speaking about the latest breach, Ray Walsh, Digital Privacy Expert at ProPrivacy, said: “Hackers compiled this massive cache of passwords from several previous data branches, and it is extremely concerning because of its sheer magnitude.
“With so many passwords sitting in the database in plain text consumers need to act quickly to ensure that their accounts are safe, because this database creates the potential for a sudden wave of cyberattacks.
“Setting up new passwords for multiple accounts doesn’t need to be a headache if you use a reliable password manager that does the hard work for you.
“Anybody concerned that their password may be affected by this breach should ensure that they are using 2FA wherever possible to ensure that a password alone will not be enough to breach their account.
“As always, monitor your accounts closely and if you notice any unusual activity, be sure to act quickly to update your password and ensure that hackers are removed from those services.”
Published at Sun, 13 Jun 2021 09:55:00 +0000