Change your password now! 26 BILLION account details are leaked online in ‘mother of all breaches’


By Aaron Brown


Published: 03/02/2024 - 05:30

Devastating database includes millions of Twitter, LinkedIn, Telegram, and Dropbox logins

  • Security experts have issued a warning over a vast database of leaked information
  • If you re-use passwords across accounts, it's time to change your login details

A mind-boggling 26 billion passwords and account details have been shared publicly by crooks — and with that many leaked records in the database, it likely includes one of your logins.

The vast catalogue of leaked login details was discovered by security expert Bob Dyachenko of SecurityDiscovery.com and the team at Cybernews.com. Measuring 12 terabytes (TB) in total, the data has been nicknamed the “mother of all breaches” by the team that unearthed it.


The scale of the leaked data is unprecedented. The previous record breach recorded by Cybernews.com contained 3.2 billion records — just 12% of the breach this year.

Although it’s believed that a certain amount of the data comes from known sources, security experts suspect that new passwords and personal information will be in the mix too. With the sheer volume of data, experts suspect there are likely to be duplicate records.

The largest number of login details included in the database come from Tencent QQ, a hugely popular Chinese instant messaging app. Cybernews.com found 1.4 billion leaked account details from the app.

It’s followed by Weibo (504 million leaked accounts), MySpace (360 million), Twitter / X.com (281 million), Deezer (258 million), LinkedIn (251 million), AdultFriendFinder (220 million), Adobe (153 million), Canva (143 million), VK (101 million), Dailymotion (86 million), Dropbox (69 million), Telegram (41 million), and a whole host of other brands and online organisations.

If you've relied on the same password for years or use the same email and password combination for multiple accounts online, it’s a good time to perform an audit of your accounts.

That’s because hackers will try login details found in leaked datasets to attempt to break into other accounts — a practice known as credential-stuffing. If they gain access to your email, criminals can reset the passwords of any online accounts (without two-factor authentication) associated with that email address by monitoring the inbox.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.

Security expert Troy Hunt established the website Have I Been Pwned to help people identify when their data has been leaked on the Dark Web. The free service lets you search across multiple data breaches to see whether your email address or phone number has been compromised.

It comes as NordPass revealed a definitive list of the most common passwords of 2023. To do this, the security firm analysed a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web.

NordPass is a popular password manager, which stores your passwords so you can use a unique alphanumeric passphrase for every online account. The app uses a fingerprint or facial scan to check your identity before filling in your login details, so you won’t need to memorise a jumble of upper- and lowercase characters, punctuation, and numbers for every online account.


NordPass is available on all of your devices, so you can set up a new secure alphanumeric password on your laptop and it will then autofill the next time you attempt to log in from your phone or tablet.


It also monitors recent data breaches and warns you the moment that one of your account details is included in a leak, so you can change the password. If every account is protected by a different password, you’ll only need to worry about shielding that one account from hackers.

For a limited time, you can get 52% off NordPass — dropping the cost to just £1.19 per month.

NordPass is one of several popular password managers, including LastPass and 1Password. Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and iCloud Keychain respectively, that generate and store passwords.

Online accounts are increasingly turning to passkeys as a way to let users sign in to apps and sites the same way they unlock their devices – using a fingerprint, a face, or an on-screen PIN.

Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.

Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time.

For now, it’s best to keep an eye on news of catastrophic data breaches, like the billions of personal records uncovered by Cybernews.com, and change the passwords that protect each of your online accounts to a strong and unique passphrase.
