Cybersecurity: Experts unravel record 8.4bn password hack, urge proactive steps

*Cybersecurity experts outline what online consumers need to do, saying criminals could use the compromised information

Isola Moses | ConsumerConnect

With other breach compilations containing usernames and e-mail addresses that portend big trouble for billions of people worldwide, security experts say the  largest password collection ever has been posted online, representing 8.4 entries altogether.

This figure eclipses an earlier record of three billion passwords hacked February this year, agency report said.

The password collection, dubbed “RockYou2021” by forum members, is thought to be a compendium of passwords cobbled together from other data breaches.

When CyberNews’ Edvardas Mikalauskas ran the numbers on the leak, he found them to be rather unnerving.

Mikalauskas hypothesised: “Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over.”

According to the expert, if a deft threat actor combined those 8.4 billion unique password variations with other breach compilations that contain usernames and email addresses, it could mean big trouble.

They could potentially leverage the RockYou2021 collection to create password dictionaries, and use password spraying attacks against a limitless number of user accounts.

Mikalauskas said: “Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak can potentially reach millions, if not billions.”

What online users should do

In regard to the size and scope of the data leak, anyone who does anything online should check if his or her passwords have been compromised.

To check whether your password is safe, there are several free and easy options you can use, report said.

These include: HaveIBeenPwend, F-Secure’s Identity Theft Checker, CyberNews’ personal data leak checker and leaked password checker as well as Avast’s Hack Check.

Experts also alert consumers to the fact that databases that each of these resources uses are likely not identical, it would be smart to check as many as possible just to cover all your bases.

If you don’t currently have any sort of software that includes identity theft protection, they advised that it might be a good time to consider checking one out.

Kindly Share This Story