Notice: amp_is_available was called incorrectly. `amp_is_available()` (or `amp_is_request()`, formerly `is_amp_endpoint()`) was called too early and so it will not work properly. WordPress is currently doing the `pre_get_posts` hook. Calling this function before the `wp` action means it will not have access to `WP_Query` and the queried object to determine if it is an AMP response, thus neither the `amp_skip_post()` filter nor the AMP enabled toggle will be considered. It appears the theme with slug `publisher` is responsible; please contact the author. Please see Debugging in WordPress for more information. (This message was added in version 2.0.0.) in /home/runcloud/webapps/techilive/wp-includes/functions.php on line 5313
Billions of passwords leaked online from past data breaches - TechiLive.in

Billions of passwords leaked online from past data breaches

0

Dubbed RockYou2021, the list as revealed on a hacker forum contains 8.4 billion password entries, says CyberNews.

Image: iStock/sasun bughdaryan

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches, tech news site CyberNews said on Monday.

Loading...

SEE: Extra security or extra risk? Pros and cons of password managers (TechRepublic)  

Based on comments from the user, the passwords in the collection range from 6 to 20 characters with non-ASCII characters and white spaces removed. The user actually claimed that the list has 82 billion passwords.

But CyberNews refuted that claim, saying that its own test found around 10 times fewer entries, putting the figure closer to 8.4 billion. That’s still a substantial number, especially considering that there are 4.7 billion active internet users around the world.

Loading...

The forum user named the collection RockYou2021, which CyberNews said it believes is a reference to the 2009 RockYou data breach in which social game developer RockYou was hit by an attack that exploited a SQL injection flaw. In this incident, the 32 million leaked passwords had been stored in an unencrypted format, making it easy for hackers to obtain them through brute force.

The 2021 version of RockYou contains so many passwords because it tapped into a host of leaked databases from the past, including the Compilation of Many Breaches (COMB), which revealed more than 3.2 billion unique pairs of emails and passwords in clear text. The only bright spot is that many of these passwords may be from inactive accounts or have since been changed.

“Any password leaks of large volumes are always alarming to hear and should be taken seriously,” said Blue Hexagon CTO and co-founder Saumitra Das. “Our own investigation of this report has shown that quite a large number of accounts passwords are recycled from previous breaches and not necessarily active.”

Loading...

For now, users concerned about leaked passwords and other sensitive information are urged to take a few actions, as advised by CyberNews.

  • Use a reputable data leak checker where you can enter your email address to find out if your account may have been caught in a breach. Sites worth trying include Have I Been Pwned, Firefox Monitor, and Avast Hack Check.
  • If you know or even suspect that one of your accounts was caught in a data breach, change your password immediately.
  • Consider using a password manager to create, store and apply strong and secure passwords for your online accounts.
  • Enable multifactor authentication on any accounts where this method is offered.
  • Look out for an increase in spam and phishing emails through which attackers try to use your leaked email address to scam you.

And though passwords continue to seem like a necessary evil, other more secure authentication methods are available, especially for organizations.

“Companies and users need to treat these developments as a wake-up call to end their overblown reliance on passwords,” said Veridium’s chief revenue officer, Rajiv Pimplaskar. “Passwordless authentication methods such as phone as a token and/or FIDO2 security keys are now commonly available. Such solutions create an un-phishable connection between the user and the IT system and eliminate the need for a password, thereby reducing the attack surface and making the environment more resilient against cyberattacks.”

Loading...

Also see

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

Loading...

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Loading...
Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – admin@techilive.in. The content will be deleted within 24 hours.

Leave a comment