Hackers steal 26 MILLION logins for Amazon, Apple, Facebook and other tech giants as well as payment information from three million PCs with malware in latest major security breach

UK Daily Mail ^ | 06/10/2021 | BRIAN STIEGLITZ, ADAM SCHRADER, SNEJANA FARBEROV

[Bigg Red]

::I ran a search program which determined if your email and or password have been compromised in a hack just the other day.::

~~~~~

What program is that, please? Non-tech savvy old lady here.

[Carpe Cerevisi]

I use Bitwarden for a password manager. It has a free and paid version.

[zeugma]

Sounds like they stole individual passwords from compromised, not a breach at, say, amazon or apple.

[zeugma]

And the culprit is always MICROSOFT WINDOWS !

It's the low-hanging fruit.

[Mean Daddy]

I hope you're joking.

[Mean Daddy]

Actually we’re seeing that the frequent requirement to change is what causes people to use simple passwords. Getting a free or cheap password manager and generator that creates 14 digit or greater passwords is the current trend.

[NurdlyPeon]

Using a phrase is the way to go. My passwords are 18-22 characters long, with words and special characters. Doesn’t mean they can’t be stolen, but brute force, no way.

[Basket_of_Deplorables]

“...14 digit or greater passwords is the current trend.

“

???

I won’t use less than 22 unless some backwards site can’t handle it. Usually 28-32. Master PW is over 40. Always mixed characters, numbers, alpha upper, lower, randomized. All via LastPass.

Also use veracrypt to encrypt all drives and thumbdrive in firesafe that stores downloaded master list of pw’s, refreshed every 6 mos after autochange pw’s also via LastPass.

PIA VPN all devices, always on at boot. Browser addons including ghostery, several script blockers. Noscript, couple others.

Avast, CC Cleaner, Malwarebytes.

And never click emailed links.

[DAC21]

https://www.avast.com/hackcheck

Check if email address has been hacked at this link. Results emailed to you. Avast is safe

[freeandfreezing]

While clearly everyone should use strong passwords, the graphic you posted and many articles about password strength only give a benchmark time for the number of in-machine guesses. That value reflects the situation where an attacker has possession of a password hash and can repeatedly try guesses until the hash matches.

The benchmark is relevant to the time it takes to get past a password on a local PC, like your login to your PC, or a local domain.

Probing a remote server across the internet has entirely different time values, since each guess requires a transaction with the remote server. Assuming that the server doesn't stop responding to the hacker entirely, as many systems do, each guess will take much longer than the benchmarks you listed.

For many similar benchmarks the factor is close to 1 million times slower, since the in machine guess rate is often nearly 100 million tests per second, and the log in transaction time is likely to be closer to 10 milliseconds.

But everyone should still use long, randomized passwords, or even longer sequences of words in odd orders if they are easier to remember.

[libh8er]

Mac or some flavor of user friendly Linux (Ubuntu etc)

[JaguarXKE]

And the culprit is always MICROSOFT WINDOWS !

I switched to the Apple eco system several years ago. Just took delivery of a new M1 iMac. Will never go back to Windows.

[Bikkuri]

Same thing happened to me.. I laughed at it and deleted the email.

[Bigg Red]

Thanks so much.