[ad_1]
In January, a megabank of stolen identity data was discovered for many services. 773 million unique pbadwords corresponding to a leak, called Collection # 1, were disclosed. Few people expected that two weeks later, an even larger collection of stolen identification information would be revealed, circulating freely and for free on the deep network.
Called Collection No. 2-5, the database concentrates 2.2 billion user names. accompanied by pbadwords for several online services, and is distributed free in hacker forums and torrents. That's 845 gigabytes of information stolen, reaching a large part of the online population that is quietly circulating in the hidden part of the Internet.
According to Chris Rouland, security expert, consulted by Wired magazine, it is the largest collection of stolen identification information ever seen. According to him, this data has circulated widely among the hacker community. The torrent file has 130 people doing the "source" job, that is, who owns the complete file and distributes it to people interested in downloading.
An exploit that constitutes this collection of identification information. more dangerous than normal, besides the size, is the fact that it is distributed without any restriction. Typically, these stolen information stores are sold in packages within the hacker community, reducing their scope. When they are distributed as openly, anyone interested in doing harm can have access to this data.
As is often the case in large collections of stolen references, the database is a collection of leaks of all kinds. Many of the username and pbadword combinations are no longer valid precisely because they result from old leaks whose victims have already been reported, such as LinkedIn's information theft. and Dropbox.
The Hbado Plattner Institute, an information technology unit at the University of Potsdam, Germany, decided to catalog the information from Collection 2 to 5 of its database and found that 750 millions of listed references were new. You can set up a conference if any of your information is contained in the list through HPI Managed Information Leak Verification Service. Simply enter your e-mail address and after a few minutes you will receive a message in your inbox informing you of any incidents related to your e-mail.
This type of leakage is dangerous for many reasons. A technique called "credential stuffing" is very easy to understand and aims to reach people who repeat their pbadwords on multiple sites. For example, if the email and pbadword that you use on Netflix, for example, falls into the hands of hackers, they may also try to use that information to try to connect to Uber or Amazon and use your credit card without authorization, or Then try the same combination to access Gmail, read private conversations, steal personal information and have control of your entire digital life.
if your email was already involved in a publicly known data leak. The recommendation in case you have been affected is to change your pbadwords in all the services where you have repeated it.
[ad_2]
Source link
