Weak password security continues to be a major problem, despite the hundreds of unfortunate cases of leaked password databases, hacks and other incidents of the kind. The bad habit of using the same password over and over again across multiple devices and platforms makes it extremely easy for hackers to grab and exploit login credentials. These credentials may be leveraged in various malicious scenarios.
Worst credentials breach exposes 1.4 billion usernames and passwords
The most recent case involving breached user passwords was reported by security researchers at 4iQ, who discovered a new collective database on the Dark Web. The database was also released on Torrent and contains a mind-blowing 1.4 billion credentials (usernames and passwords) in clear text. This makes the incident the largest credential exposure made public. The database was found on December 5th in an underground forum, and as just mentioned, it has been identified as the largest aggregation of various credentials discovered in the Dark Web. This announcement was made in a blog post on Medium by the founder of the 4iQ security firm, Julio Casal.
“While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date,” Casal wrote. What makes the breach rather scary is that none of the leaked passwords are encrypted, and on top of that, researchers were able to test and verify most of them as true.
This breach is so big that it exceeds the previous largest credential leak, which exposed 797 million records. This database is in fact an aggregate of 252 previous breaches and contains known credential lists like Anti Public and Exploit.in. It also includes decrypted passwords of known breaches like LinkedIn, Bitcoin and Pastebin.
As Casal explains, “this is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports.” Since most users reuse the same passwords across social media, e-commerce, email and even banking accounts, the outcome of this extreme leak will most likely be multiple account takeovers or hijacking cases.
Where are the credentials taken from?
The aggregate database contains plain text credentials from Bitcoin, LinkedIn, Pastebin, MySpace, YouPorn, Netflix, Last.FM, Badoo, Minecraft, Runescape, and credential lists such as AntiPublic and Exploit.in.
On top of everything said so far, the new breach has added 385 million new credential pairs, 318 million unique users, and 147 million passwords related to previous dumps. This new database is also perfectly organized and indexed alphabetically, making it easier for unprofessional or inexperienced cyber criminals to quickly search for passwords.
Just to illustrate the severity of the situation and how bad it is to reuse the same simple password – a simple search for “admin”, “administrator” and “root” would show 226,631 passwords that were actually used by admins.
The usual “worst passwords ever created” are also in place. Passwords like “123455”, “password” and “111111” are still used quite broadly.
The author of the database still remains anonymous, but whoever this person may be, he (or she) has included Bitcoin and Dogecoin wallets for donations.
Considering all the enormous data breaches that happened in 2017 alone, it is highly advisable to use varied and different passwords for each and every one of your accounts. However, if you find it challenging to work with so many different passwords, you should definitely consider employing a password manager.
Using a password manager may be a great idea after all
If you still haven’t made up your mind whether you should use a password manager or not, here’s some useful information to help you decide.
The average password manager would install as a browser plug-in and take care of password capture. When you log in to a secure site (HTTPS), the password manager would offer to save your login. When you return to that page, the manager will automatically fill in your credentials, and sometimes web forms as well. Most password managers offer a browser toolbar menu of all saved logins to make it easier to log in to saved sites.
As to whether password managers are completely secure – it depends. The ideal password situation would be if your human memory is very powerful, and you have applied unique passwords for each of your accounts. However, in reality things are not even close to perfection. That is why it can be easily assumed that using a password manager is a better idea than not using one at all (a.k.a. using one single simple password for all accounts).
Nevertheless, using a password manager would guarantee:
- The strength, complexity and randomness of passwords;
- The passwords being remembered and kept safe at one place.
In addition, keep in mind that many modern password managers rely on improved features such as:
- Synchronizing information across devices in a safe manner;
- Automatically filling in both passwords and common web forms;
- Storing arbitrary notes.
However, a password manager may fail to protect your credentials if:
1. Your computer is not protected efficiently;
2. Your computer falls victim to malware or spyware and your master password is obtained by cybercriminals.
That is why, in addition to using a good password manager, it is highly recommended to also use a strong anti-malware program. Briefly said, the safest password would be a smartly crafted one, used on a protected computer.