The largest ever theft of passwords uncovered

What appears to be the greatest theft of user credentials in history has been reported by Hold Security, a small US security firm. No less than 1,200 million login credentials have been stolen from numerous websites around the world. Although all the details are still not clear, it seems the cyber-crime group behind this theft used automated tools to exploit known bugs in databases such as SQL. Apparently, they were on the lookout for websites that had failed to update software and were therefore vulnerable to attacks. A total of 420,000 websites were targeted.

It’s still not known which websites are affected by the attack, neither have they all been contacted to advise them to update their defenses. Hold Security has yet to contact the authorities, although it planned to do so after reporting this story.

What can you do in the light of this attack?

It is clear that no matter how well protected your computer is, there’s nothing you can do if, as in this case, you are not the direct victim. Here for example they have stolen user databases from websites, not from users’ computers. That’s why one of the most important security measures you can take is to never use the same login credentials on more than one website. If you reuse usernames and passwords for different services you are increasing the risk, because if one of these sites is compromised, your other accounts will be vulnerable.

A good example of this was the recent case in Australia, where users of iPads/iPhones had their devices hijacked by cyber-criminals who demanded a ransom to hand back control. Some sources speculated that Apple’s databases may have been hacked, though the company denied this. Everything then pointed towards the source of the problem as being an Internet forum on which users had set the same password as they had for Apple’s iCloud service.

How to make a strong password

  • Use numbers
  • Include letters as well
  • Combine upper and lower case
  • Add symbols such as@, #, ? or %
  • Where possible it should have at least eight characters. The longer it is, the more difficult it will be to guess
  • Never use a run of consecutive numbers or letters: 123456; 987654; abc123
  • Never use adjacent keyboard letters: qwer123; asd987
  • Your password should not be something easily associated to you. Never use your name or date of birth.

More information| How to create strong passwords