On the 25th of February, a cybersecurity firm announced that it had uncovered a hoard of 360 million stolen usernames and passwords for sale on cyber black markets.
Hold Security’s Chief Information Security Officer, Alex Holden, said in an interview that the firm had managed to obtain the details during the first 3 weeks of February. The stolen usernames and passwords are believed to have been obtained by hackers from multiple data breaches that have yet to be publicly reported. One batch of credentials contains more than 105 million details, which would make it one of the largest data breaches discovered.
The humongous hoard of compromised details includes usernames, email addresses and passwords, the majority of which are in unencrypted text. The email addresses are from Fortune 500 and non-profit organisations, as well as major web providers such as AOL, Google, Microsoft and Yahoo.
Hold Security released a statement on its website saying that as well as the 360 million credentials, the criminals are selling approximately 1.25 billion email addresses, which may then be used for spamming and phishing more details from unsuspecting victims.
At this point it is unclear who has fallen victim to the security breaches, but it is advised that you change your passwords for any accounts you think may have been compromised. Password security is vital to keeping your identity safe online, and with a few simple changes you can improve your online security:
- Make all passwords at least 15 characters long
- Use entropy in passwords. They should contain uppercase & lowercase letters, numbers & symbols.
- Avoid the use of dictionary words or common names, and avoid using any personal information.
- Don’t replace 'i' with a '1', or 'a' with a '4' etc. These are well-established password tricks which any hacker will be familiar with.
- Avoid sequences or repeated characters.
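
The rules above can be checked mechanically before a password is accepted. The following is an added example, not code from the original article or from my1login; the small wordlist, the substitution table and the run length of 3 are constructed assumptions. It undoes common character substitutions before the dictionary lookup, which is why tricks like '4' for 'a' add nothing.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary and a list of known breached passwords.
WORDLIST = {"password", "dragon", "monkey", "football", "alice", "london"}

# Common substitutions, undone before the dictionary check (assumed table).
LEET = str.maketrans({"1": "i", "4": "a", "3": "e", "0": "o",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 15  # from the first rule in the list
RUN = 3          # assumed: 3 characters in a row count as a sequence or repeat


def has_sequence(pw: str, run: int = RUN) -> bool:
    """True if pw contains `run` ascending or descending characters (abc, 321)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        steps = {ord(low[j + 1]) - ord(low[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(pw: str, personal: tuple = ()) -> list:
    """Return the rules from the list that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    # Test the raw and the de-substituted form, so "P4ssw0rd" matches "password".
    forms = {pw.lower(), pw.lower().translate(LEET)}
    words = WORDLIST | {p.lower() for p in personal if p}
    if any(w in f for w in words for f in forms):
        problems.append("dictionary word or personal information")
    if re.search(r"(.)\1{%d,}" % (RUN - 1), pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("sequence")
    return problems
```

Pass the user's name, email local part or company name in `personal` so they are rejected in the same way as dictionary words.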
Strong passwords need to be augmented with strong practice.
- Do not use the same password on multiple sites.
- Never allow passwords to be written down or stored in the notes section of phones.
- Do not store passwords in Word or Excel. Even if those files are later deleted, there will still be a recoverable imprint of them on the computer, long after it is sold or donated to a recycling company.
- Do not allow passwords to be emailed. Emails can be read by the provider of the service.
- Do not feel the need to regularly change strong passwords. A very strong password that is used for a long time is more secure than a weaker password that is regularly changed for a similarly weak password. Enforcing regular changing of passwords can often result in employees adopting weaker passwords to make them easier to remember.
my1login is a cloud-based password manager that provides a secure way to store and access your business passwords. my1login uses AES 256 to encrypt your business passwords, meaning they're impossible to decrypt and access without your encryption key (key phrase), which only you know. my1login resolves the problem of remembering multiple logins, passwords and PINs by providing a safe way of accessing them via a highly secure portal.
my1login also mitigates against key loggers. Users can sign into web services without having to type their password to log into sites. my1login uses 2-step authentication to grant access to user accounts. Users create a secure phrase that encrypts all their logins within their browser before they are sent over the internet and stored, and since their secure phrase is not stored, even my1login are unable to read these details. Users then select characters from their passwords using dropdowns, like banking services. This process mitigates against this form of attack and increases your general online security.
If you'd like to see how my1login can improve your business's online security and help protect you against hacks, try out the my1login password manager for free, or leave your email address and we'll send you an information pack.