More than three billion email addresses and passwords are now in the hands of hackers. As reported by CyberNews, some 3.2million cleartext email and password pairs have been leaked on a popular online hacking forum. This latest leak aggregates past leaks from Netflix, LinkedIn, Bitcoin and more.
So these passwords aren’t necessarily the ones needed to log in to the corresponding email account. They are the emails and logins used to access services, such as Netflix, that were caught up in other leaks.
However, if the same password and email combination is used across a variety of different services (i.e. to log in to email inboxes and access online shopping portals), it could give affected users a major headache.
The study does not specifically mention whether accounts from email providers such as Hotmail, Outlook, Yahoo Mail and others are among those affected.
But Express.co.uk used an online tool to check whether any of our personal addresses were caught in the breach, and found one Gmail address that was affected.
This latest leak is believed to be the largest ever compilation of email addresses and passwords to be leaked online.
The previous largest breach was the Breach Compilation of 2017, which saw 1.4billion credentials leaked online.
However, this latest leak – known as the ‘Compilation of Many Breaches’ (COMB) – is over twice the size of the 2017 data cache.
CyberNews said the potential impact of this latest breach is “unprecedented”, especially if affected users use the same password for their email and for other online services.
While it isn’t best practice to do so, some people do tend to reuse passwords as this makes them easier to remember.
If you have been impacted by this latest breach, and also use the affected password for other online accounts, then we’d advise you to change both swiftly.
Enabling two-factor authentication (2FA) when websites allow it also helps add an extra layer of protection to your accounts.
CyberNews said: “The impact to consumers and businesses of this new breach may be unprecedented. Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing attacks are the biggest threat.
“If users use the same passwords for their LinkedIn or Netflix as they do their Gmail accounts, attackers can pivot to other more important accounts.”
They went on to add: “Users are normally recommended to change their passwords on a regular basis, and to use unique passwords for every account. Doing so – creating and remembering unique passwords – can be quite challenging, and we recommend users get password managers to help them create strong passwords.
“And, of course, users should add multi-factor authentication, like Google Authenticator, on their more sensitive accounts. That way, even if an attacker has their username and password, they won’t be able to get into their accounts.”
Published at Fri, 12 Feb 2021 08:01:00 +0000