Data leaks of all sorts, and those involving credentials in particular, have long been nothing out of the ordinary. Troy Hunt, the operator of Have I Been Pwned, which monitors breaches and lets you check whether your data has been compromised, says he’s developed a high tolerance for the flow of information about new user databases appearing on darkweb markets. According to him, most of those are just compilations of old leaks. However, the latest offering seems to contain a lot of new, previously unpublished credentials that give access to user accounts on Facebook, Roblox, Yahoo, eBay, Coinbase, etc.
The magnitude of the leak
Databases of leaked credentials usually count their entries in the millions; otherwise, they aren’t really useful to anybody for anything except very specific goals. In this case, the number is almost 71 million, and of those, about 25 million login/password pairs (linked to their respective websites) are new.
How to protect yourself from password leaks
- First off, change passwords for all sites and services that are crucial to your online/offline existence, not only those that have to do with finances.
- Secondly, if there’s a two-factor authentication process offered by a site/service – go for it. Better yet, switch to passkeys, if those are available (read this piece for more info on them).
- Thirdly, start using a password manager, like KeePass or Bitwarden, and let it generate passwords for you.
- Make it a routine task to change passwords for essential resources at least once every 6 months.
- Don’t click links from obscure sources, doubt everything suggested online, verify and re-verify, and change your credentials ad hoc, whenever you feel something fishy is going down.
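Added example, not part of the original article: when deciding which passwords to change first, a password can be checked against Have I Been Pwned's Pwned Passwords range API without ever sending the password itself. The sketch below does the local half of that check (hashing, then matching the returned suffixes) against a constructed response body; the function names are illustrative and no network request is made.

```python
import hashlib


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_body: str) -> int:
    """Look up the password's hash suffix in a range response body.

    Only the 5-character prefix is ever sent to the service
    (https://api.pwnedpasswords.com/range/<prefix>); the full hash and the
    password stay on the local machine, and matching happens here.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix:
            # A count of 0 marks a padding entry, i.e. not actually breached.
            return int(count)
    return 0


def sample_body() -> str:
    """Constructed stand-in for a range response (not real breach data)."""
    _, leaked = split_hash("password")
    _, padded = split_hash("correct horse battery staple")
    return "\r\n".join([
        f"{'0' * 35}:7",       # constructed unrelated suffix
        f"{leaked}:1234",      # constructed count for a leaked password
        f"{padded}:0",         # constructed padding entry
        "not-a-valid-line",    # malformed line, must be ignored
    ])


if __name__ == "__main__":
    body = sample_body()
    for pw in ("password", "correct horse battery staple", "Xq7!unlisted"):
        prefix, _ = split_hash(pw)
        print(f"prefix sent: {prefix}  times seen: {breach_count(pw, body)}")
```

Any password that comes back with a non-zero count should be replaced with a manager-generated one wherever it is used.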
The leaked data seems to have been collected by malware, which underscores the importance of item #5 up there and suggests using decent antivirus software on all your devices. Check out Informer’s collection of such programs: