At least 5.5 Billion email addresses and passwords are currently compromised around the world, according to Have I Been Pwned (HIBP).
Some 585 million of those passwords were recently supplied by the UK National Crime Agency (NCA) after an investigation uncovered a major security breach.
2
HIBP creator Troy Hunt, who is also a Microsoft Regional Director, wrote in a new blog post today that 225 million of the breached passwords provided by the NCA were “completely new.”
The NCA said in a statement shared with Hunt that they found the compromised passwords, along with their associated email accounts, in a UK cloud storage facility.
“Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown,” the NCA stated.
“The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offenses,” they added.
The newly-acquired compromised passwords, which so far have not been associated with a particular company or platform, can be viewed on HIBP’s website, under a section titled “Pwned Passwords.”
This section allows companies and system administrators to check if their passwords have been breached by hackers and if they exist on third-party lists utilized by threat actors.
Most read in Tech
The UK law enforcement agency is now the second to collaborate with HIBP, after the US Federal Bureau of Investigations began a similar investigation with the website in May 2021.
What can hackers do with your credentials?
If a hacker or threat actor gains access to your credentials, they can do a number of things with them.
For starters, they may sell your data to other threat actors.
Since people tend to recycle their logins for multiple sites, hackers may also try to access your other accounts — this is a tactic known as “credential stuffing.”
Credential stuffing tends to target accounts associated with payment details, and usually leads to “account takeover” and identity theft.
Lastly, threat actors may use your credentials in phishing schemes, or even extortion to try to get credit card information out of you.
How to check if your email has been breached
To check if your email has been compromised, go to HIBP’s homepage.
Once there, you can enter your email address or phone number into the “Pwned?” search bar.
If your credentials have been breached, the site will provide you with all known data breaches with records tied to that email address.
How to protect yourself
To protect yourself, you can use 1Password’s software, which generates and stores strong passwords for each website.
It is also recommended to enable 2-factor authentication for your 1Password generated credentials, as it makes it harder for hackers to breach them.
Finally, you can subscribe to HIBP’s notifications on security breaches and then change that leaked password immediately.
2
Cyber security company show how hackers could use your PRINTER to access your Gmail in new cyber security threat
In other news, iPhone owners are being driven up the wall by a potentially dangerous Bluetooth bug.
People have been urged to be careful if someone has left their iPhone in the room as they could be using it to spy on you.
And Pornhub has exposed what horny Americans and Brits have been looking for in the past year – and there’s a new favourite in town.
