Over a million websites have been impacted by the latest hack, including big name destinations like Instagram, eBay and Apple. Other sites affected by the vast data breach include Netflix, Facebook, Amazon, Twitter, and Gmail. In total, experts estimate that some 26 million login credentials were stolen and stashed in a secret database.
Security researchers only stumbled upon the vast database of stolen logins after threat actors accidentally gave up the location themselves.
The threat was highlighted by cyber security researchers at NordLocker, who said Trojan malware was used to steal millions of login details between 2018 and 2020. The database where all the sensitive stolen details were housed was 1.2 terabytes in size, with the logins lifted from 3.25 million Windows PCs.
The type of malware used in these attacks can be purchased for as little as £70 and is spread via e-mail and illegally downloaded software such as fake versions of Adobe Photoshop.
In their analysis online, NordLocker said: “The malware got away with nearly 26 million login credentials (emails or usernames accompanied by passwords) from almost a million websites.”
According to NordLocker, over one million login credentials for Facebook and Google accounts were stolen by hackers, while hundreds of thousands of Amazon and eBay logins were also nabbed by attackers.
Speaking about the findings, NordLocker’s John Sears wrote online: “The stolen database contained 1.2 TB of files, cookies, and credentials that came from 3.2 million Windows-based computers. The data was stolen between 2018 and 2020. The database included 2 billion cookies. The analysis revealed that over 400 million, or 22%, of those cookies were still valid at the time when the database was discovered.”
Sears added: “We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally.”
If you want to check whether you’ve been affected by the latest hack then head to haveibeenpwned.com and enter your e-mail address.
The website will say whether your email address or password has been affected by the data breach, as well as any other data breach throughout the years. If haveibeenpwned.com flags your email or password as being impacted in the breach, you need to change that password immediately.
Any other logins that use the same email-password combination will need to be changed too. Of course, best practice states that you shouldn’t ever re-use the same password for different accounts.