Security Update - Have You Been Hacked, Yet?

Hackers have passed around a massive leak of over 2 billion username and password records

It's been happening for years, but recently hackers have released several new collections of username credentials.

On January 30, 2019, Wired Magazine released an article that delved into the details:

"When hackers breached companies like Dropbox and LinkedIn in recent years—stealing 71 million and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book."

There was an original grouping of files, named "Collection #1" by the hacker who created the file, "a patched-together set of breached databases Hunt said represented 773 million unique usernames and passwords." Since then, another four have been created, called Collection #2 through Collection #5.

You can check for your own username in the collections using Hasso Plattner Institute's tool:

On this page you can register your email address and you'll get a report delivered to you by email if they find anything in the database.

Wired's article continues:

"Rouland speculates that the data may have been stitched together from older breaches and put up for sale, but then stolen or bought by a hacker who, perhaps to devalue an enemy's product, leaked it more broadly. The torrent tracker file he used to download the collection included a 'readme' that requested downloaders 'please seed for as long as possible,' Rouland notes. 'Someone wants this out there,' he says. (The 'readme' also noted that another dump of data missing from the current torrent collection might be coming soon.)"

You can read the whole article here:

It is always advisable to keep separate passwords for banking-level websites and other lower-level websites, and to periodically change your banking-level passwords in case they have somehow been harvested.

This latest breach should be taken seriously, and we advise everyone to gather their username and password info into one place and systematically change their passwords in an organized manner. Leaving this to chance is only tempting fate and inviting disaster.
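One way to organize the password change described above, as an added example that is not part of the original post: the script takes an inventory of accounts tagged as banking-level or lower-level, finds passwords shared between accounts, and orders the changes so that banking-level accounts whose password is also used elsewhere come first. The field layout, tier names, priority order and sample data are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory: (site, username, password, tier).
# Tiers follow the post's distinction: "banking" vs "lower" (assumed labels).
INVENTORY = [
    ("examplebank.test", "pat@example.com", "Winter2018!", "banking"),
    ("forum.test", "pat@example.com", "Winter2018!", "lower"),
    ("shop.test", "pat@example.com", "Winter2018!", "lower"),
    ("broker.test", "pat", "x9$Lq2#vTz", "banking"),
    ("news.test", "pat@example.com", "letmein77", "lower"),
    ("photos.test", "pat", "letmein77", "lower"),
    ("mail.test", "pat@example.com", "u7!Rk0pe@Wd", "lower"),
]

def fingerprint(password):
    """Digest used as the grouping key, so plaintext passwords are not
    kept as dictionary keys or copied into the plan."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def rotation_plan(inventory):
    """Return [(priority, site, reason)], sorted so priority 1 is changed first."""
    groups = defaultdict(list)
    for site, _user, password, tier in inventory:
        groups[fingerprint(password)].append((site, tier))

    plan = []
    for members in groups.values():
        reused = len(members) > 1
        tiers = {tier for _site, tier in members}
        for site, tier in members:
            if reused and tier == "banking":
                prio, reason = 1, "banking password also used on other sites"
            elif reused and "banking" in tiers:
                prio, reason = 2, "shares a password with a banking account"
            elif reused:
                prio, reason = 3, "password reused across lower-level sites"
            elif tier == "banking":
                prio, reason = 4, "unique banking password, periodic change"
            else:
                prio, reason = 5, "unique password, change last"
            plan.append((prio, site, reason))
    return sorted(plan)

if __name__ == "__main__":
    for prio, site, reason in rotation_plan(INVENTORY):
        print(f"{prio}  {site:<18} {reason}")
```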

Posted: to WebWorks News on Thu, Jan 31, 2019
Updated: Sat, Mar 9, 2019