Free Republic
Browse · Search
General/Chat
Topics · Post Article


Mother of All Breaches Exposes 773 Million Emails, 21 Million Passwords
Gizmodo | 01/17/2019 | Victoria Song

Posted on 01/17/2019 9:08:31 AM PST by BenLurkin

“Collection #1” is the largest public data breach by volume, with 772,904,991 unique emails and 21,222,975 unique passwords exposed.

...12,000 separate files and 87GB of data had been uploaded to MEGA, a popular cloud service. The data was then posted to a popular hacking forum and appears to be an amalgamation of over 2,000 databases. The troubling thing is the databases contain “dehashed” passwords, which means the methods used to scramble those passwords into unreadable strings have been cracked, fully exposing the passwords.

So what does this mean for the average person? According to Hunt, it means compromised email and password combos are more vulnerable to a practice called credential stuffing. Basically, credential stuffing is when breached username or email/password combos are used to hack into other user accounts. This could impact anyone who has used the same username and password combo across multiple sites. This is concerning as the Collection #1 breach contains almost 2.7 billion combos. Plus, around 140 million emails and 10 million passwords from Collection #1 were new to Hunt’s HIBP database—meaning they’re not from previously reported megabreaches.

(Excerpt) Read more at gizmodo.com ...


TOPICS: Computers/Internet
KEYWORDS: breach; cloud; cloudservice; databreach; emails; mega; passwords

1 posted on 01/17/2019 9:08:31 AM PST by BenLurkin
[ Post Reply | Private Reply | View Replies]

To: BenLurkin

Bkmk


2 posted on 01/17/2019 9:11:03 AM PST by Dacula
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

I avoid cloud storage whenever I can, but I also know places I deal with put my data on them. The cloud sounded like a bad idea when I first heard of it for just this reason.


3 posted on 01/17/2019 9:19:29 AM PST by Cold Heart (The main purpose of The Wall is to protect the US from its own politicians.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cold Heart

I do as well. I never store files on the cloud.


4 posted on 01/17/2019 9:21:37 AM PST by ducttape45 ("Righteousness exalteth a nation; but sin is a reproach to any people." Proverbs 14:34)
[ Post Reply | Private Reply | To 3 | View Replies]

To: BenLurkin

Looks like time to change *all* your passwords, eh?


5 posted on 01/17/2019 9:25:57 AM PST by Kommodor (Terrorist, Journalist or Democrat? I can't tell the difference.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cold Heart

You're missing the point. These breached emails are not just from cloud storage. They are from email accounts. Avoiding cloud storage gives you zero protection from your data being in this breach. The article is just saying that whoever gathered this data recently shared it with cloud storage.

Your comment is like hearing a stolen car was found on a beach and replying, “That is why I never go to beaches.”


6 posted on 01/17/2019 9:29:57 AM PST by TalonDJ
[ Post Reply | Private Reply | To 3 | View Replies]

To: Kommodor

> Looks like time to change *all* your passwords, eh? <

And consider freezing your credit reports. A lot of damage can be done once some hacker has enough info to get credit in your name.

Freezing info is here:

https://www.thebalance.com/how-to-freeze-your-credit-report-at-each-credit-bureau-960796


7 posted on 01/17/2019 9:30:53 AM PST by Leaning Right (I have already previewed or do not wish to preview this composition.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: TalonDJ

nice analogy


8 posted on 01/17/2019 9:33:31 AM PST by babble-on
[ Post Reply | Private Reply | To 6 | View Replies]

To: Leaning Right

thanx for that link


9 posted on 01/17/2019 9:33:42 AM PST by thinden
[ Post Reply | Private Reply | To 7 | View Replies]

To: BenLurkin

Shut down the internet for any financial purposes, go back to cash and checks.


10 posted on 01/17/2019 9:39:52 AM PST by Retvet (Retvet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

I am the lead cybersecurity architect for Capco, a financial services consulting company. We advise banks and financial institutions on regulatory compliance. My particular area is cyber security (architecture through penetration testing).

We have an inexpensive service that will check your company's AD users' passwords (stored hashes) against the list of passwords we have scraped from the dark web (2.1 Billion passwords).

Ping me if you want to know more.


11 posted on 01/17/2019 9:41:08 AM PST by taxcontrol
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin; KC_Lion

Wow. Thank you for the info! I just checked my FR password and had to change it!!!


12 posted on 01/17/2019 9:42:08 AM PST by MeganC (There is nothing feminine about feminism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Retvet
Shut down the internet for any financial purposes, go back to cash and checks.

Exactly. I don't do any financial transactions on line. Stamps and envelopes cost money, but that's better than having someone crash your accounts.

My one exception is FreeRepublic. I've trusted Jim since I first came here, back in the Clinton days, and so far I haven't been disappointed.

13 posted on 01/17/2019 9:48:12 AM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 10 | View Replies]

To: taxcontrol

Wouldn’t that be a breach of confidential information you have with your customers?


14 posted on 01/17/2019 9:52:42 AM PST by RedWing9 (Jesus Rocks Zero Sucks)
[ Post Reply | Private Reply | To 11 | View Replies]

To: RedWing9

No. We do not disclose the password identified, only the accounts that have easily guessed passwords. The customer provides to us the masked file of user account / hashes. We run our tool and report back on which accounts have passwords that are in this consolidated list of dark web passwords.

For example, suppose that the account xyzadmin is using “Pa55Word”. When we run our tool, we can identify the weak password but only report back to the customer that userid xyzadmin has an easily guessed password and that the password should be reset.


15 posted on 01/17/2019 10:10:02 AM PST by taxcontrol
[ Post Reply | Private Reply | To 14 | View Replies]
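
The check described in post 15, as an added example that is not part of the thread and is not the poster's tool: it compares an account/hash file with a breached-hash list and returns only account names. The file layouts, the accounts other than xyzadmin, and all hash values are constructed assumptions, and the breached list is assumed to be published in the same unsalted hash format as the stored hashes.

```python
import io
from collections import defaultdict

# Constructed sample data. The hex strings stand in for unsalted password
# hashes (AD's NT hashes are unsalted); they are not hashes of real passwords.
# The "account:hash" and "hash:count" line layouts are assumptions.
COMMON = "0123456789ABCDEF" * 2
ACCOUNT_FILE = (
    f"xyzadmin:{COMMON}\n"
    f"jsmith:{'a' * 32}\n"
    f"svc_backup:{COMMON.lower()}\n"
    f"mlee:{'b' * 32}\n"
    "broken line without separator\n"
)
BREACHED_FILE = f"{COMMON}:3730471\n{'C' * 32}:12\n"

HEX = set("0123456789abcdef")

def load_accounts(fh):
    """Map normalized hash -> accounts using it; skip malformed lines."""
    by_hash = defaultdict(list)
    for line in fh:
        account, sep, digest = line.strip().rpartition(":")
        digest = digest.lower()
        if sep and account and len(digest) == 32 and set(digest) <= HEX:
            by_hash[digest].append(account)
    return by_hash

def audit(account_fh, breached_fh):
    """Return (accounts to reset, groups of accounts sharing one hash)."""
    by_hash = load_accounts(account_fh)
    flagged = set()
    # Stream the breached list line by line; it can be far larger than RAM.
    for line in breached_fh:
        digest = line.split(":", 1)[0].strip().lower()
        flagged.update(by_hash.get(digest, ()))
    # Unsalted hashes: equal digests mean equal passwords across accounts.
    shared = sorted(sorted(group) for group in by_hash.values() if len(group) > 1)
    # Only account names are returned, never hashes or passwords.
    return sorted(flagged), shared

def run_sample():
    return audit(io.StringIO(ACCOUNT_FILE), io.StringIO(BREACHED_FILE))

if __name__ == "__main__":
    to_reset, shared = run_sample()
    print("reset required:", to_reset)
    print("same password on:", shared)
```

Because the comparison is hash-to-hash, the auditor never needs the cleartext password to flag an account, which matches the reporting described in the post.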

To: BenLurkin

I do not trust putting my pw into the linked site. How do I know they are not grabbing it then going against my cookies?


16 posted on 01/17/2019 10:14:46 AM PST by pas
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin; rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; Ernest_at_the_Beach; ...

17 posted on 01/17/2019 10:17:03 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cold Heart

I keep telling the computer ‘experts’ at work that “cloud” and “security” are mutually exclusive.


18 posted on 01/17/2019 10:25:13 AM PST by PAR35
[ Post Reply | Private Reply | To 3 | View Replies]

To: TalonDJ

I think you missed my point. Having many more points where my data is stored increases exposure to a breach. I avoid every account at a store, online or on a physical store's computer unless I really need to. I avoid giving email addresses just to get 10% off a bill. I am not on Facebook etc. A reduced footprint. Cloud banks are targets.

Many years ago I had a hack related to comments to FR.

I have had a car broken into at the beach. I still go to the beach and FR.


19 posted on 01/17/2019 10:57:53 AM PST by Cold Heart (The main purpose of The Wall is to protect the US from its own politicians.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: taxcontrol

Someone should offer that as an on-demand paid service. Does anyone?


20 posted on 01/17/2019 11:23:34 AM PST by bigbob (Trust Trump. Trust the Plan.)
[ Post Reply | Private Reply | To 15 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
