Tag Archives: passwords

As 8 billion passwords leak online here are three things you must do right now

Last week it was revealed that a staggering number of passwords have been exposed in a massive data leak. A text file that was uploaded to the web contained a total of 8.3 billion passwords, with experts warning that this could be one of the biggest breaches in modern history. The leak was discovered by the team at CyberNews, who say that due to its scale this issue is almost certain to affect a very large number of people. The data dump has been dubbed ‘RockYou2021’ by the hackers, which appears to be a reference to the infamous RockYou data breach in 2009, in which more than 32 million user passwords were leaked.

Speaking about the latest threat, CyberNews said: “By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts.”

It’s clearly serious and, if you are worried about this threat, here are three things you must do today.

CHECK YOUR PASSWORDS

It’s a really good idea to see if your password has been leaked in any recent attacks. CyberNews and other sites, such as have i been pwned, offer a simple way of checking your details to see if they may be in the hands of hackers.

Google’s Chrome browser and Apple’s Safari can also help, as both of these browsers show whether you have weak passwords.

On Safari, head to Preferences > Passwords. Here you will see a list of your accounts and passwords with a warning sign placed beside any that have been used multiple times.

If you use Chrome, head to Preferences > Passwords and tap the Check Passwords button. You’ll then see any accounts with weak security.

USE A PASSWORD MANAGER AND TWO FACTOR AUTHENTICATION

If possible, always use two-factor authentication to double up on security for your account. Some applications offer this and software is available to ensure that all applications can use it.

Two-factor authentication basically means you’ll get a text with a code before being allowed to log in to accounts.

If you’re always forgetting your codes then there is a range of software that can help.

A number of popular password managers, including the excellent 1Password, leverage Have I Been Pwned’s unmatched database to alert users when one of their passwords or login credentials has been made available to hackers.

Speaking about the latest breach, Ray Walsh, Digital Privacy Expert at ProPrivacy, said: “Hackers compiled this massive cache of passwords from several previous data breaches, and it is extremely concerning because of its sheer magnitude.

“With so many passwords sitting in the database in plain text consumers need to act quickly to ensure that their accounts are safe, because this database creates the potential for a sudden wave of cyberattacks.

“Setting up new passwords for multiple accounts doesn’t need to be a headache if you use a reliable password manager that does the hard work for you.

“Anybody concerned that their password may be affected by this breach should ensure that they are using 2FA wherever possible to ensure that a password alone will not be enough to breach their account.

“As always, monitor your accounts closely and if you notice any unusual activity, be sure to act quickly to update your password and ensure that hackers are removed from those services.”

This post originally appeared on Daily Express :: Life and Style Feed

Billions of passwords just leaked online! Check here to see if you are affected

The security team says it is currently updating this database with all of the new passwords revealed in the document so it might be worth checking back again to see if your account has been added.

Speaking about the latest threat, CyberNews said: “By combining 8.4 billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts.

“Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.”

If you suspect that one or more of your passwords may have been included in the RockYou2021 collection it’s recommended that you change your account details straight away and watch out for incoming spam emails.

It’s also a good idea to enable two-factor authentication which means hackers can’t log in to accounts without also having access to your smartphone.

This post originally appeared on Daily Express :: Tech Feed

Microsoft warns millions about gruesome malware that steals passwords and hijacks webcams

Microsoft has sounded the alarm about a dangerous new strain of malware that can steal your account login details, duplicate anything you’ve copied on your computer, and spy through your webcam. The malware is being distributed with dodgy PDFs, which are attached to emails that are sent out to unsuspecting PC owners.
Trying to open the PDF is enough to kickstart the attack. Double-clicking on the fake file will “download a malicious VBScript, which drops the RAT payload,” Microsoft cautions. RAT stands for Remote Access Trojan, inspired by the military tactic used by the Greeks, which sees seemingly safe files laced with malware as a way to sneak them onto victims’ computers.

According to the research by Microsoft, attackers are currently spoofing legitimate organisations in the aviation, travel, or cargo industries to trick email users into launching the malware-laced PDF.

This type of RAT is designed to steal a myriad of information: login credentials, including usernames and passwords for your online accounts; anything that has been stored in the clipboard (the tool that enables you to copy-and-paste text, images, apps, and more across the operating system); and images from your webcam. If these stolen details don’t directly allow the cybercriminals to earn a profit (a password to your online banking is a pretty quick way to make a buck or two) then the data can be used to blackmail users into paying up.

A number of recent scams have seen users blackmailed by bad actors who claim to have access to stolen pictures from your webcam. If you don’t pay up, the hackers threaten to send the offending images to friends, family and colleagues, who they know thanks to stolen access to your social media accounts.

It’s gruesome stuff, but unfortunately, these types of cyber attacks are becoming more common.

Worse still, you don’t even have to download the problematic PDF to fall victim to this type of attack. As Microsoft warns, it can only take one person in a sprawling multinational company to fall foul of this scam before the malware spreads across the business’s entire IT network. So, you could be working at home, blissfully unaware that one of your colleagues has fallen for the scam, only for hackers to have access to your webcam.

Some security experts have speculated that a dodgy email with a malicious file attached was how hackers managed to blackmail the CEO of the Colonial Pipeline in the United States to the tune of $4.4 million to regain access to their internal IT network. That shows the scale of the attacks possible with this type of technique.

Ensuring that you use a uniquely generated password for every online account is a good way to shield yourself. That way, should hackers gain access to one of your login credentials – they won’t be able to use the same email-password combination to unlock every single account in your name. Never download any unsolicited files that you’re not sure about. And don’t be afraid to talk to your IT team if you’re suspicious of something.

If you’re running Windows 10, Microsoft has included an application called Windows Sandbox. This creates a standalone, virtual version of Windows 10 that’s separated from your files, applications, and data. Launching this app, pasting the file you’re concerned about onto the blank desktop, and opening it within Windows Sandbox can be a good way to vet a dodgy file. 

This post originally appeared on Daily Express :: Life and Style Feed

If you’re using ANY of these words in your passwords – you need to make a change today

It’s not a great time to be relying on a weak password to secure your online accounts. Of course, it’s never a great time to be relying on a weak password… but security experts have warned that last year saw cyber security threats increase by a fifth (20 percent) worldwide. And that trend is unlikely to reverse anytime soon as many of these campaigns have been hugely successful, netting millions of credit card numbers, mobile numbers, and home addresses for cyber attackers.
A recent survey conducted by the National Cyber Security Centre (NCSC) proved that UK passwords are often comprised of easily-guessable words or names, including pet’s names (15 percent), family members’ names (14 percent), an important date in their life (13 percent) or their favourite sports team (six percent). Given there are 53 million adults living in the UK, that’s roughly 7.9 million people using the name of their pet to secure their social media profiles, emails, online banking, and more. As such, there could be millions of ideal targets for criminals relying on trial-and-error techniques to break into online accounts.

In response to the survey, cyber security firm Nexor – which has contracts with the UK Government – has issued a warning to users worldwide. Sarah Knowles, principal security consultant, said: “No one is immune to the threat of cyber attacks. We have recently seen cyber criminals imitate the World Health Organization (WHO), the US Centre for Diseases Control (CDC) and the UK government, by creating false domains and text messages requesting passwords and financial contributions.

This post originally appeared on Daily Express :: Life and Style Feed

Your passwords could be exposed by making ANY of these 3 simple mistakes

Some incredibly simple mistakes can easily put your most important online details in the hands of hackers. Those are the latest findings from the security team at McAfee, who have discovered many of us are not following the most basic rules when it comes to our online accounts. The findings have been released to mark World Password Day, which is today (May 6, 2021), and they make for some pretty terrifying reading.
You’re probably already aware that using the same password for multiple accounts is a terrible idea and coming up with a security code that includes details that are easy to guess for anyone who knows you – like birthdays or pet names – is about as secure as a padlock with the key left in it.

However, many of us continue to do just that when setting up an account or trying out a new online service or app. We’re also terrible at changing a password once it’s been chosen, leaving online accounts at high risk of attack.

According to McAfee, more than a third of Britons say they have not changed their password for a long period of time. Worse still, 37 percent have admitted to reusing the same or similar password more than once and 19 percent of people have actually written down their password on a piece of paper to make it easier to remember.

All of this can make it simple for hackers to access multiple devices with just one simple click. Another change that’s easy to make and can improve things is setting up multi-factor authentication which means accounts need an additional layer of security to be accessed.

Password sharing: Passwords should never be shared with anyone else, even trusted family and friends. Sharing a password could result in critical personal information falling into the wrong hands. McAfee advises against this and encourages consumers to keep all passwords to themselves. Even more importantly, never share a password over text, email, or any other online communication channel.

Keep it impersonal: Passwords that include personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But, you can use personal preferences that aren’t well known to create strong passphrases.

Never reuse passwords: If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has become even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.

Employ a password manager: If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager. These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.

Employ multi-factor authentication: You can double-check the authenticity of digital users and add an additional layer of security to protect personal data and information.

This post originally appeared on Daily Express :: Tech Feed