On June 18th, researchers reported a major leak that included over 16 billion passwords. These passwords came from a mix of different sources. Many of them were collected through various malware programs installed on people’s computers. The leaked information did not come from one single company or website. Instead, it was gathered from many places where users’ devices were infected with infostealers. After the malware collected the data, the credentials ended up in large online databases.
With the number of passwords leaked across these breaches, you should just assume that one of your passwords somewhere was compromised. If you have been re-using passwords, this is a wake up call to start using unique passwords for each one of your application logins. Use a password manager to manage each of your different password for every website. This means that if one password is leaked, your other accounts are still safe. We also recommend using strong passwords that combine letters, numbers, and symbols to make them harder to guess.
In addition, be sure to use antivirus software and keep it updated. This can help stop malware from being installed on your computer in the first place. Installing updates to your operating system is also important, as that can help close any security vulnerabilities that your device has. Taking these steps can help lower the risk of your accounts being taken over, even if your information was part of this leak.
The leaked passwords were tied to many popular websites and services. Some of the names mentioned include Github, Zoom, Twitch, Google, and Facebook. Since the passwords came from many different breaches, and because the files were taken offline quickly, there is not a complete list of every site affected. Still, it is clear that the breach covers a wide range of platforms where people have accounts. Many of these passwords are recent, which means they could be more useful for anyone trying to access accounts without permission. This makes the leak more dangerous than older collections that might contain outdated information.
Researchers have warned that this leak gives cybercriminals new ways to try to break into accounts. With such a large number of passwords available, bad actors can attempt to log in to many accounts and steal more information. This could lead to account takeovers, where someone else gains control of your account. There is also a risk of identity theft, since personal information is often linked to these accounts. Another risk is that scammers will use the leaked data to send convincing emails designed to trick people into sharing even more personal information.
The researchers pointed out that the structure and freshness of the leaked data make it especially concerning. These are not older breaches being passed around again. The passwords are recent and can be used right away, which makes them much more valuable to someone looking to cause harm. The scale of the leak also means that it affects a huge number of people, raising the risk for anyone who reuses passwords or has not changed theirs in a while.
View the original press release here.
