The Cyber Shield 365/24/7
You might want to sit down
for this one. Hackers posted a file named RockYou2024.txt to a
dark web forum on July 4. The file includes a mind-numbing
9,948,575,739 passwords.
Wondering if this attack
puts you at risk? Yup, it does. The RockYou2024 leak is made up of
passwords from both old and new data breaches.
Give
‘em stuffin’ to talk about
Credential stuffing is no
joke. This is when crooks take your leaked passwords and try to break into as
many services, sites, accounts and apps as they can. They’re hoping you got
lazy at least once and reused that password somewhere else.
Recent attacks on big names
like Ticketmaster, Advance Auto Parts and Santander Bank were all the result of
this technique. Any system that isn't protected against brute-force attacks is
at risk, and this goes beyond smartphones and computers. Even
internet-connected cameras and industrial equipment are on the
hackable list.
What
are your next steps?
If you have time, visit Cybernews' Leaked Password Checker to see if your passwords were exposed. HaveIBeenPwned is another option. Enter your email address into either one, and I’ll bet you’ll find yourself on the list.
Reset the passwords for
every single account associated with those leaked passwords. Now, virtually
shake my hand and promise me you won’t reuse your passwords — ever.
Your
browser can help
Your browser’s password
manager can alert you if your passwords have been involved in a breach. Here’s
how to view or enable this feature in three popular browsers:
§ Google
Chrome: Password alerts are enabled by default. If you think you might’ve
missed one, head to Google’s Password Manager
and run a Password Checkup.
§ Microsoft
Edge: You’ll need to turn on Edge’s Password Monitor. To do
this, go to Settings and more (the three-dot menu at the top right of
your browser window) > Settings > Profiles >
Passwords. Then, toggle on the switch for Show alerts when passwords
are found in an online leak.
§ Apple
Safari: Password monitoring is on by default for browsers running on
MacOS 14 or iOS 14 and later. To check for alerts on your iPhone or
Mac, and to update any compromised passwords, go to Settings > Passwords >
Security Recommendations > Change Password on Website.
Oh, and this is important
to remember: Any random two-factor authentification (2FA) codes you receive via email or text that you didn’t
ask for could mean someone is trying to access your accounts.
I’m
willing to bet just about everyone you know is impacted by this latest password
dump. Do your loved ones a favor and use the buttons below to share these
security tips.
No comments:
Post a Comment