The largest-ever compilation of stolen passwords and emails was recently posted online on a hacking forum that anyone could access. The lists contain a staggering 3.27 billion entries! The enormous database appears to be a compilation of leaked login credentials and other information from previous data leaks. The passwords and emails are from leaks not only in the USA but from all over the world. The hackers have managed to compile information stolen from different data breaches over the years and put it in a single accessible place.
Over the years, there have been billions of leaked login credentials that hackers are utilizing to this day. This is why reusing your password, or using a very similar one that could easily be guessed, is never a good idea. It takes months for companies to announce that they have been hacked, giving hackers plenty of time to utilize any stolen information. You may be wondering why companies are sometimes slow to report data breaches. To answer this question, we have to go back to how such breaches are usually discovered.
The breaches are usually detected by in-house cybersecurity experts or cybersecurity researchers who love to poke around the internet looking for possible vulnerabilities. When such vulnerabilities are found, cyber experts inform the affected organization. Then the company takes its time to patch them. Once the exposure is fixed, and their marketing and legal teams have allowed them to announce the breach, the hacked company informs its users about the already resolved vulnerability that might have exposed personal information. The whole process can take months and even years. You may start wondering why cybersecurity researchers don’t tell the world immediately.
They could indeed sound the alarm immediately, but they rarely do because this would be unethical. Instead of helping the company, they may attract even more criminals who want to exploit the vulnerability. So, long story short, regular folks might wait months and sometimes even years to be informed about a data breach by the hacked organization. With this in mind, regular users never really know whether their information has already been stolen. However, there are websites where you can check if your data has been compromised.
The solution is proper password hygiene. Keep changing your passwords at least once every three months, and remember never to reuse passwords. Avoid using patterns between old and new passwords too. If you are struggling to remember all the passwords, use a password manager. Most likely, your antivirus software has this feature already included. By relying on a password manager, you will not have to remember tens and sometimes hundreds of passwords, but just one master password that would give you access to all of the others when you need them. Reliable software protection packages can recognize and remember all the data required to log you into your favorite services.
The fact that hackers are creating such compilations of different data breaches means that internet users continue to ignore basic password hygiene practices and continue not to change passwords often enough. It also means that users systematically reuse old passwords. With easily accessible compilations such as this one, cybercriminals are only a search away from getting access to your potentially active login credentials. Be smart and change your passwords often; you have 3.27 billion reasons why you should not ignore this advice.
1 comment
This is bad advice. It is not considered good practice to change your password every 3 months as mentioned in this post.