21 Million Hacked User Passwords Posted on the Network
OREANDA-NEWS. Account data of Russian users is among the 21 million passwords published by unknown hackers, Sergei Lozhkin, senior anti-virus expert at Kaspersky Lab, said on Thursday.
Earlier on Thursday, the American magazine Wired reported that unknown hackers had published on the Internet a large collection of stolen personal user data, including nearly 773 million email addresses and more than 21 million passwords. According to the publication, the volume of uploaded data is more than 87 gigabytes. Wired calls this leak of personal information one of the largest: a collection of data assembled over several years from leaks at thousands of different Internet sources. Most of the passwords were stolen only during two hacks of Yahoo servers a few years ago, but at that time the stolen information was not posted publicly.
"This huge database has been collected for a long time. It added accounts and passwords, including those of Russian users, which became public after major leaks, so some of the credentials are likely to be out of date. However, it is no secret that people do not change passwords for a long time and often use the same passwords on several sites, despite the risks associated with such behavior," Lozhkin said.
According to him, this collection of email addresses and passwords can be easily turned into a simple list. "And then all you need to do is to write a simple program to check whether these passwords are relevant," said the expert.
One consequence of gaining access to accounts can be, for example, very successful phishing, as criminals can automatically send malicious emails to everyone in the victim's address book, Lozhkin said. Other possible consequences include targeted attacks aimed at stealing digital identity or money, as well as the compromise of data from social networks, he explained.
Kaspersky Lab advised Internet users who use e-mail credentials for online activity to take a number of measures to protect themselves.
"Check if your email is mentioned in this database or previous similar databases of 'merged' accounts. Change passwords for your most important and sensitive accounts (Internet banking, online payments, or social media accounts), preferably with a password manager. If possible, enable two-factor authentication," the recommendations say.