Published: June 2, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
No different from anyone else, even hackers are sheltering in place these days. The difference is while some of us can’t work, they can actually continue to do the “work” they always do; steal and sell user data. Analysts from the cyber technology company, Cyble found several databases containing over 550 million stolen user records available on the Dark Web. Some of the information dates back to 2012, but some of it is from April of this year.
Twenty-nine databases were found up for grabs, beginning May 7. The information was from sites such as Roadtrippers, Sephora, and Evite. A list of the databases that are included is available from Bleeping Computer, but users can also find out if their credentials were included by querying HaveIBeenPwned or Cyble’s, AmIBreached.
The information that the hackers get can be used to conduct credential stuffing attacks. These are done by taking user credentials and trying them over and over on various other websites to see if there is any success. Unfortunately, this tactic does indeed work and has been blamed for many large data breaches in the past. So, remember to use unique credentials for each website logged into and that the passwords are always strong. This means they should:
Include at least eight characters
Include upper- and lower-case letters
Have one or more numbers
Have one or more special characters, such as a “$” or “!”
Not be easy to guess or be on the top 20 most used passwords. “Football” and variations of “12345678” are always on that list
Not include any personal information, such as your birthdate, your social security number, or your pets or child’s name, or your child’s birthdate
Not be words found in any dictionary
Anyone using any of the websites included in this particular list should change passwords immediately. Even if it’s been done recently. And if you do use credentials on more than one site, make sure those are changed too.
Just because we are all hanging out at home more these days, doesn’t mean we need to make it easier for hackers. Take some of the extra time you may have and ensure your passwords are secure.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org