Jump to content
  • PANIC STATIONS Microsoft warns BILLIONS of passwords have been hacked – check yours now

    aum

    • 986 views
    • 3 minutes
     Share


    • 986 views
    • 3 minutes

    They involve hackers gathering a list of usernames and passwords leaked online and plugging them in to various websites.

     

    Cyber crooks hope to eventually stumble across a working combination that gives them access to someone's email or social media accounts.

    From there, they can attempt to break into more sensitive accounts such as your bank or iCloud.

     

    The attacks were identified by Microsoft's Detection and Response Team (DART), which is dedicated to identifying the latest cyber attack methods.

    "This threat is a moving target with techniques and tools always changing," researchers wrote on Tuesday.

     

    "They are different from brute-force attacks, which involve attackers ... attempting to attack a small number of user accounts."

     

    The researchers identified two commonly used kinds of password sprays.

     

    One involves matching known usernames to commonly used passwords, such as "password" or "123456".

     

    The hope is that they will eventually “guess” the correct combination for as many users as possible.

     

    The second technique highlighted by Microsoft involves usernames and passwords that have been leaked online by crooks in the past.

     

    The 2012 LinkedIn hack, for instance, saw the usernames and passwords of 6.5million users stolen by cyber crooks and sold online.

     

    Google estimates that over 4billion username and password combinations have leaked in recent years.

     

    Hackers can plug these combinations into other websites in the hope that you've reused them across multiple online accounts.

     

    Microsoft said: "Once attackers have gained the credentials to an account, they can access any sensitive resources that users can access and have the malicious activity appear as normal.

     

    "This creates a repeating cycle attack pattern, where one compromised account can lead to access to resources where additional credentials can be harvested, and thus even further resource access."

     

    How to check if your passwords are safe


    The free Password Checkup software can be loaded onto Google Chrome and lets you know if your account details have been compromised in a cyber attack or data breach.

     

    Once installed, the Chrome extension runs in the background of your browser and checks any login details you used.

     

    If your password or username matches a Google database of more than 4billion compromised credentials, the software will flag them.

     

    An alert that pops up on your screen reads: "Password Checkup detected that your password for [website] is no longer safe due to a data breach. You should change your password now."

     

    If a new data breach occurs, the tool will let you if any of your passwords were compromised the next time you login to Chrome.

     

    It gives you any exposed accounts in a small list that you can click through to change your passwords.

     

    All information is encrypted, and Google says it has no way of seeing your data.

     

    "We built Password Checkup so that no one, including Google, can learn your account details," Google said.

     

    "Password Checkup was built with privacy in mind. It never reports any identifying information about your accounts, passwords or device."

    You can download Password Checkup from the Chrome webstore by clicking here.

     

    Alternatively, popular web-tool Have I Been Pwned also lets you check if you've ever been hacked.

     

    NINTCHDBPICT000674940193-1.jpg?w=670

    Hackers are using leaked username and password combinations to break into online accountsCredit: Getty

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...