Aggregate Database Exposes 1.4 Billion Clear Text Credentials

Weak password security remains a major problem, despite hundreds of unfortunate cases of leaked password databases, hacks and other incidents of the kind. The bad habit of using the same password over and over again across multiple devices and platforms makes it extremely easy for hackers to grab and exploit login credentials. These credentials may be leveraged in various malicious scenarios.

Worst credentials breach exposes 1.4 billion usernames and passwords

The most recent case involving breached user passwords was reported by security researchers at 4iQ, who discovered a new collective database on the Dark Web. The database was also released on Torrent and contains a mind-blowing 1.4 billion credentials (usernames and passwords) in clear text. This makes the incident the largest credential exposure made public. The database was found on December 5th in an underground forum, and as just mentioned, it has been identified as the largest aggregation of various credentials discovered on the Dark Web. This announcement was made in a blog post on Medium by the founder of the 4iQ security firm, Julio Casal.

“While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date,” Casal wrote. What makes the breach rather scary is that none of the leaked passwords are encrypted, and on top of that, researchers were able to test and verify most of them as true.

This breach is so big that it surpasses the previous largest credential leak, which exposed 797 million records. This database is in fact an aggregate of 252 previous breaches and contains known credential lists like Anti Public and Exploit.in. It also includes decrypted passwords from known breaches like LinkedIn, Bitcoin and Pastebin.

As Casal explains, “this is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports.” Since most users reuse the same passwords across social media, e-commerce, email and even banking accounts, the outcome of this extreme leak will most likely be multiple account takeovers or hijacking cases.

Where are the credentials taken from?

The aggregate database contains plain text credentials from Bitcoin, LinkedIn, Pastebin, MySpace, YouPorn, Netflix, Last.FM, Badoo, Minecraft, Runescape, and credential lists such as AntiPublic and Exploit.in.

On top of everything said so far, the new breach has added 385 million new credential pairs, 318 million unique users, and 147 million passwords related to previous dumps. This new database is also perfectly organized and indexed alphabetically, making it easier for unprofessional or inexperienced cyber criminals to quickly search for passwords.

Just to illustrate the severity of the situation and how bad it is to reuse the same simple password – a simple search for “admin”, “administrator” and “root” would show 226,631 passwords that were actually used by admins.

The usual “worst passwords ever created” are also in place. Passwords like “123455”, “password” and “111111” are still used quite broadly.

The author of the database still remains anonymous, but whoever this person may be, he (or she) has included Bitcoin and Dogecoin wallets for donations.

Considering all the enormous data breaches that happened in 2017 alone, it is highly advisable to use versatile and different passwords for each and every account of yours. However, if you find it challenging to work with so many different passwords, you should definitely consider employing a password manager.
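One way to act on this advice, as an added example (not from the article or from 4iQ): a short Python audit that flags reused and known-weak passwords in a vault export. The account names, passwords and the `fingerprint` and `audit` helpers are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (account, password) pairs as they might be
# exported from a password vault. None of these are real credentials.
VAULT = [
    ("mail.example", "111111"),
    ("shop.example", "Tr4il-mix!Harbor92"),
    ("bank.example", "Tr4il-mix!Harbor92"),
    ("forum.example", "password"),
    ("work.example", "q9#Vd2!mZp7Lr$Xw"),
]

# Weak passwords quoted in the article; a real audit would load a longer list.
KNOWN_WEAK = {"123455", "password", "111111"}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest, so intermediate data never holds a password itself."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(vault, known_weak, key=None):
    """Return (reused, weak): groups of accounts sharing one password,
    and accounts whose password is on the known-weak list."""
    key = key or secrets.token_bytes(32)  # fresh key for every audit run
    by_digest = defaultdict(list)
    for account, password in vault:
        by_digest[fingerprint(password, key)].append(account)
    weak_digests = {fingerprint(p, key) for p in known_weak}
    reused = sorted(sorted(a) for a in by_digest.values() if len(a) > 1)
    weak = sorted(acct for digest, accts in by_digest.items()
                  if digest in weak_digests for acct in accts)
    return reused, weak


if __name__ == "__main__":
    reused, weak = audit(VAULT, KNOWN_WEAK)
    for group in reused:
        print("same password reused on:", ", ".join(group))
    for account in weak:
        print("known-weak password on:", account)
```

Accounts in the same reuse group fall together if any one of those sites is breached, so they are the ones to rotate first.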

Using a password manager may be a great idea after all

If you still haven’t made up your mind whether you should use a password manager or not, here’s some useful information to help you decide.

The average password manager installs as a browser plug-in and takes care of password capture. When you log in to a secure (HTTPS) site, the password manager offers to save your login. When you return to that page, the manager automatically fills in your credentials, and sometimes web forms as well. Most password managers offer a browser toolbar menu of all saved logins to make it easier to log in to saved sites.

As to whether password managers are completely secure – it depends. The ideal password situation would be if your human memory were very powerful and you had applied unique passwords to each of your accounts. However, in reality things are not even close to perfection. That is why it can safely be assumed that using a password manager is a better idea than not using one at all (a.k.a. using one single simple password for all accounts).

Nevertheless, using a password manager would guarantee:

  • The strength, complexity and randomness of passwords;
  • The passwords being remembered and kept safe at one place.

In addition, keep in mind that many modern password managers rely on improved features such as:

  • Synchronizing information across devices in a safe manner;
  • Automatically filling in both passwords and common web forms;
  • Storing arbitrary notes.

However, a password manager may fail to protect your credentials if:

1. Your computer is not protected efficiently;
2. Your computer falls victim to malware or spyware and your master password is obtained by cybercriminals.

That is why, in addition to using a good password manager, it is highly recommended to also use a strong anti-malware program. Briefly said, the safest password would be a smartly crafted one, used on a protected computer.

Milena Dimitrova