Act now, because that data is in circulation among hackers right now and ready for massive credential-stuffing campaigns.
When data stolen in a breach is made public or sold to the highest bidder, the race to exploit the data begins.
Affected individuals need to change their passwords, track down services where the same username and password may have been reused, and change their credentials there too. In many cases, they will also need to call their banks and cancel their credit cards or similar services if such data may also have been breached. In short, it is a complete nightmare.
Now, imagine the latest breach this week where 23,600 hacked databases were leaked on two hacking forums and Telegram channels. It is what cyber-threat analysts call “the biggest leak of its kind” and “23,000 times worse” than any typical data leak!
The file is estimated at around 50GB and contains details of 13 billion user records, including usernames, passwords, emails and addresses.
23,000x worse than normal leaks
According to a security expert, Boris Cipot of Synopsys Software Integrity Group, some of the data is old, some new. Yet, for now, it is hard for anyone to be sure that their name, username, passwords, or other data, has not been exposed. “Therefore, I would recommend that everyone change their passwords on services they use—just in case. It is important not to reuse passwords and be sure that they are long and complex,” the senior security engineer said.
To tighten the management of passwords without too much hassle, everyone should use a trusted password management service. If the service offers the possibility of two-factor or multifactor authentication, that would constitute an extra security measure.
Regarding the still-undetermined victims of the breach, Cipot notes: “Be wary when opening email attachments or clicking on links in emails, avoiding it when possible. Attackers will no doubt use the exposed data as part of phishing campaigns. Finally, be alert for any suspicious activity on your credit cards as well as of any other attempts at identity theft. There is no saying who has access to your data, nor how they plan to use it; the best thing to do is take all the necessary precautions and stay vigilant.”