New trove hacks password#
Vox put together a great post on why - I’d recommend checking it out, but the base level is that password managers are very secure, and they generate unique and complex passwords for all your services. Secondly, start using password managers like Lastpass or 1password. What should you do? For starters, stop reusing passwords. The more times you’ve reused a password, the more services this type of attack will grant hackers access to. Hackers will typically use a ‘credential stuffing’ attack to use paired email addresses and passwords to flood services and try to gain access to your accounts. Even when passwords are extremely complex and sufficiently long, reusing the same password for multiple services means that when any of those services is breached, every service you’re using that password for is now vulnerable. Even some of the most security-conscious folks are guilty of this from time-to-time - in a bid for ease of use, we reuse the same passwords for multiple sits and services. The primary culprit for massive breaches like this is password reuse. Taken together, the new(er) breached data combined with the prior monsters made for “1,160,253,228 unique combinations of email addresses and passwords…and 21,222,975 unique passwords”. That said, there was somewhere on the order of 140 million email addresses in this breach that Hunt’s service had never seen before. The data almost assuredly included the 360 million MySpace accounts hacked in 2008 or the 164m LinkedIn accounts hacked in 2016.
Hunt called the upload Collection #1, and wrote that it was probably ““made up of many different individual data breaches from literally thousands of different sources”, as opposed to being the work/result of a singular hack of a huge service. Troy Hunt, who runs the Have I Been Pwned breach-notification service performed a cursory investigation and publicized the hack more widely for consumers and security personnel to take evasive action. Totaling more than 87GB in all, the collection contained 12,000+ separate files and was being circulated/touted on popular hacking forums. In mid-December, what has since been dubbed Collection #1 was uploaded to a popular cloud service, MEGA. Here’s what you need to know: The discovery So it is with Collection #1 - it’s being touted as the largest-ever trove of breached data found in one place. These mega-hacks are becoming more the rule than the exception. Marriott and Starwood Hotels lost hundreds of millions of users’ personal data, including both financial information, and in some cases, passport data as well (in that particular case, hackers were inside the system for years snooping around before the intrusion was detected and the security breach patched). We’ve seen NotPetya wipe out tens of billions of dollars and cripple worldwide infrastructure. Unfortunately, global-scale hacks are becoming both more frequent and more devastating with every passing year. Subscribe to our new Twitch channel.Massive hacks shouldn’t come as a huge shock to anyone anymore. Schulte, who had really bad OPSEC, has another federal case still pending for possession of child exploitation material, which the feds allege Schulte had on his laptop when they raided his apartment. Unlike Chelsea Manning, who in 2010 gave WikiLeaks thousands of secret documents pertaining to the Iraq and Afghanistan wars because she wanted the public to know of war crimes and change how people looked at those wars, Schulte was more motivated by hatred of the CIA and to spite his former colleagues, according to Schute’s former colleagues, who spoke to the New Yorker. And it put our officers and our facilities, both domestically and overseas, at risk,” Roche said when he testified in court. “It immediately undermined the relationships we had with other parts of the government as well as with vital foreign partners, who had often put themselves at risk to assist the agency. It’s a huge loss to the organization.” Sean Roche, the CIA’s Deputy Director for Digital Innovation when Schulte was working at the agency, called the leak the “equivalent of a digital Pearl Harbor,” arguing that the CIA had to shut down “the vast, vast majority” of operations while it was evaluating the damage caused by the leak. In other words, the leak was a treasure trove of CIA information.Ī former colleague of Schulte told the New Yorkerthat the leak made her sick to her “stomach,” and that the “information getting out into a forum like that can hurt people and impact our mission.
0 kommentar(er)
