Billions of stolen records, gathered in one place. 3.2 billion identifiers and passwords associated with Gmail, Hotmail, LinkedIn and even Netflix accounts were aggregated in a database, then shared on forums dedicated to hacking, reports the British online newspaper BGR. The news is, however, less alarming than it appears: these billions of identifiers were not obtained through a single breach but gleaned from various forums, where data has been accumulating for several years. “Most of the data actually dates from 2017”, explains a cybersecurity researcher reached by Europe 1. He adds: “There is no cause for alarm.”
Partly obsolete data
The new database has been dubbed COMB, for “Compilation of Many Breaches”. “It is quite common in the field. On specialized forums, hackers publish messages to claim that they are in possession of a certain number of identifiers. But in reality they are often impostors, people who are looking to make money by reselling old leaks grouped together and made up to give the impression that they are new”, continues this researcher. Some of this data is also likely to be obsolete, since users, often warned by the platforms at the time of the leak, have had plenty of time to change their passwords.
A risk nevertheless remains. “By cross-checking the archives for accounts created with the same email address, the hackers behind this file have been able to decipher a small portion of the previously unworkable passwords.” In other words, if the same address corresponds to a Gmail account in one file where the passwords appear in the clear, and to a Netflix account in another where the passwords are encrypted, the hackers will cross-reference the two in the hope that the user chose the same password twice.
Beware of the single password
“This brings the problem of unique passwords back to the table. If you use the same password for all your accounts, you expose yourself. Too many people are not paying attention and hackers take advantage of it,” said the researcher. As a reminder, changing a digit, switching a lowercase letter to uppercase or adding a symbol does not make much difference to hackers. In that case, a single hacked account is still enough to leave you seriously exposed.
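A password-change check built on the two points above (leaks are cross-referenced by email address, and small tweaks to an old password do not help), written here as an added example that is not part of the original article. The `LEAKED` table, the addresses and the function names are constructed for illustration; a real service would query its own breach corpus instead.

```python
import re

# Constructed sample: passwords already exposed in old leaks, keyed by email address.
LEAKED = {
    "alice@example.com": ["Sunshine2017"],
    "bob@example.com": ["correcthorse"],
}

# Digits, symbols and underscores at the start or end of a password.
_EDGE = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def skeleton(password: str) -> str:
    """Reduce a password to its base word: fold case, strip edge digits and symbols."""
    return _EDGE.sub("", password.casefold())


def reuse_risk(email: str, candidate: str, leaked=LEAKED) -> str:
    """Classify a candidate password for this address as 'exact', 'variant' or 'ok'."""
    known = leaked.get(email.strip().casefold(), [])
    if candidate in known:
        return "exact"  # same password as one already leaked for this address
    base = skeleton(candidate)
    # An empty skeleton (for example an all-digit password) must not match everything.
    if base and any(skeleton(old) == base for old in known):
        return "variant"  # only the case, a number or a symbol was changed
    return "ok"


if __name__ == "__main__":
    for pw in ("Sunshine2017", "sunshine2021!", "vq7-Lamp-orbit-Teal"):
        print(pw, "->", reuse_risk("alice@example.com", pw))
```

A signup or password-reset form can call `reuse_risk` and refuse anything that is not `ok`, which blocks the "same password with a new number" habit the researcher describes.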
To let Internet users find out whether one of their accounts appears in this new database, the BGR newspaper has created a dedicated search engine.
Source site www.europe1.fr