BleepingComputer reports that the big data breach everyone is talking about is actually aggregated data from prior leaks, not new data from a new breach. This data has been in the hands of criminals and cybersecurity researchers for a while.
This includes 30 databases containing ~3.5 billion passwords each.
The data set contains credentials for the following services:
- Apple IDs
- Gmail
- Github
- Telegram
- Government portals
- and more…
How did all of this data get stolen in the first place?
Infostealer malware
There is a class of malware known as infostealer malware. As the name suggests, it infects the victim’s computer and scans it for any goodies it can find: passwords saved in browsers, cryptographic keys on the system, or really anything else that could be of interest to a criminal.
How do people get infected with infostealer malware?
- cracked software
- pirated games
- phishing emails
- malvertising
- fake browser extensions
- messages on Discord/Telegram
- compromised websites
- carelessness in general
What to do?
Here are a few things you can do to address this situation. If you’re already doing them then that’s great.
Enable Two-factor Authentication
Enabling 2FA can stop an attacker even if they already have your username and password. This is an easy win: you just need to go into the account settings and turn it on.
Use a Password manager
If you aren’t using a password manager, what the hell are you doing? You should be using one. A password manager protects you from a whole class of attacks known as credential stuffing, where an attacker takes one leaked username and password pair and tries it across multiple websites. Unique passwords per site mean one leak can’t unlock everything else.
Even if you could come up with a strong password every time you needed one, chances are you wouldn’t be able to store it securely. With a password manager you only need to remember one password—the one that unlocks the manager itself. It will generate all the other passwords you need and store them for you.
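The credential stuffing described above looks distinctive from the server side: one source address walking through many different usernames in a short time, with the occasional success where a reused password happened to match. As an added example (not from the original post or any real product), here is a small detector over a constructed auth log in a made-up "timestamp ip result user" format; the log lines, the IP addresses (RFC 5737 documentation ranges) and the thresholds are all assumptions:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, not from any real product).
# 203.0.113.7 sprays one password across six different accounts in seven seconds
# and gets a hit on erin; 198.51.100.9 is a normal user mistyping their own password.
SAMPLE_LOG = """\
2025-06-20T10:00:01Z 203.0.113.7 FAIL alice@example.com
2025-06-20T10:00:02Z 203.0.113.7 FAIL bob@example.com
2025-06-20T10:00:03Z 203.0.113.7 FAIL carol@example.com
2025-06-20T10:00:04Z 203.0.113.7 FAIL dave@example.com
2025-06-20T10:00:05Z 203.0.113.7 OK erin@example.com
2025-06-20T10:00:07Z 203.0.113.7 FAIL frank@example.com
2025-06-20T10:01:00Z 198.51.100.9 FAIL alice@example.com
2025-06-20T10:01:10Z 198.51.100.9 FAIL alice@example.com
2025-06-20T10:01:20Z 198.51.100.9 OK alice@example.com
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (FAIL|OK) (\S+)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, result, user) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, result, user = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, result, user))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that attempt >= min_users distinct accounts within `window`.

    Returns {ip: {"distinct_users": n, "successes": [users that logged in OK]}}.
    A success inside a flagged burst is the interesting bit: that account's
    password was reused somewhere that leaked.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window forward so evs[start:end+1] spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e[3] for e in burst}
            if len(users) >= min_users and len(users) > flagged.get(ip, {}).get("distinct_users", 0):
                flagged[ip] = {
                    "distinct_users": len(users),
                    "successes": sorted({e[3] for e in burst if e[2] == "OK"}),
                }
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, successes: {info['successes']}")
```

The threshold and window are deliberately loose; on a real site you would tune them against normal traffic (shared NATs, corporate proxies) and treat any success inside a flagged burst as a forced password reset for that account.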
- Editor’s choice for cross-platform
I like Bitwarden. It’s libre software (open source), and you don’t have to pay for it for personal use. They have paid tiers, but the free tier is sufficient for an average home user.
- Editor’s choice for Apple users
If you’re an Apple user and you don’t already have a password manager, you should definitely start using Apple’s new Passwords app (Passwords.app). Bitwarden is more fully featured, but Apple’s app offers an easy way for Apple users to get started.
Change compromised passwords
Find out whether you have exposure in this data set by checking haveibeenpwned.com. If your email shows up there, follow the previous two suggestions if you haven’t already, then change the password.
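Have I Been Pwned also lets you check a password itself without ever sending it anywhere, which is the check a password manager (Bitwarden included) runs under the hood. It works by k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters of the hash to the Pwned Passwords range endpoint, and gets back every matching suffix with its breach count, so the match is done locally. As an added example (not code from the original post or from HIBP), here is that exchange in Python; the sample range response and its counts are constructed for the test, `offline_fetch` is a stand-in for the network call, and `fetch_range` does the real HTTPS lookup against api.pwnedpasswords.com:

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response for prefix 5BAA6 (real responses run to
# hundreds of "SUFFIX:COUNT" lines; the counts here are made up for the example).
SAMPLE_RANGES = {
    "5BAA6": """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
""",
}


def sha1_hex(password: str) -> str:
    """SHA-1 of the password as upper-case hex, the form the API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> tuple:
    """Only the first five hex chars leave the machine; the other 35 stay local."""
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup over HTTPS; the request carries nothing but the 5-char prefix."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "hibp-range-example"},  # assumed harmless identifier
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_fetch(prefix: str) -> str:
    """Stand-in fetcher that serves the constructed sample instead of the network."""
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str, fetch=fetch_range) -> int:
    """Number of times the password appears in the Pwned Passwords corpus (0 = not seen)."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    # Swap offline_fetch for fetch_range (the default) to query the real service.
    for pw in ("password", "correct horse battery staple"):
        n = breach_count(pw, fetch=offline_fetch)
        print(f"{pw!r}: {'seen %d times' % n if n else 'not in sample data'}")
```

The password manager approach and this check complement each other: the manager guarantees each site gets a unique password, and the breach check tells you which of your existing passwords are already sitting in the criminals' lists and need changing first.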