Over 3bn e-mails, passwords hacked in possibly largest data breach ever

*Security analysts say consumers should protect themselves by changing passwords for every account online

Isola Moses | ConsumerConnect

As hacker harvest 2021 has begun, 3.27 billion unique pairs of e-mails and passwords were leaked on a popular hacking forum, aggregating past leaks from Netflix, LinkedIn, and other platforms, according to CyberNews.

It was gathered the current breach, dubbed “Compilation of Many Breaches” (COMB), doesn’t appear to be a new breach; rather, as the name suggests, it’s a compilation of multiple breaches.

However, COMB contains more than double the unique e-mail and password pairs as the Breach Compilation of 2017, in which 1.4 billion credentials ranging from financial data to the personal information of every United States voter was pilfered from a collection of 252 previous hacks.

But how bad is this? Very, report stated.

The source further explained it is unclear what previously leaked databases were collected in this breach, but the samples it’s been able to access contained e-mails and passwords for domains from around the world.

The big problem with this leak is that it’s not just a list, but an “interactive database” that allows hackers to search for matches and new breach imports.

Identity intelligence company 4iq said of the situation: “Given the fact that people reuse passwords across their e-mail, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.”

The bottom line is that if users use the same passwords for their LinkedIn or Netflix as they do their Gmail accounts, then attackers might be able to leverage that information on other, possibly more important, accounts.

As a reference point, there billion pieces of personal data is 10 times larger than the US population, and that could loom big and bad for everyone.

CyberNews’ Bernard Meyer said: “The impact to consumers and businesses of this new breach may be unprecedented.

“Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing attacks is the biggest threat.”

Are you affected? Experts suggest unless you were able to lay hands on all the data hacked in COMB, your best bet toward being safe and secure is to search your e-mail address on one of the online threat scanners.

Consumers can use the HaveIBeenPwned tool to see if their information is part of any breach, not just the COMB one.

Meyer recommended that “in any case, users are normally recommended to change their passwords on a regular basis, and to use unique passwords for every account.

“Doing so – creating and remembering unique passwords – can be quite challenging, and we recommend users get password managers to help them create strong passwords.”

Jim Scott, a cybersecurity researcher, also stated: “I recommend everyone to follow good security practices such as using unique passwords for every service that they sign up to and using two-factor authentication whenever possible.”

Meyer agreed, saying that multi-factor authentication’s strength comes in handy for more sensitive accounts.

“That way, even if an attacker has their username and password, they won’t be able to get into their accounts,” said he.

Two-/multi-factor authentication is available via an app like Google Authenticator, or settings within a user’s Facebook, Dropbox, Amazon, and other account settings.

Kindly Share This Story