Four Major Site Login Databases Stolen
A series of massive but dated breaches of high-profile sites is yet another reminder of the dangers of poor password security. While the sites in question are taking preventative measures, experts warn that hackers could use the stolen details to access other sites.
In the past few weeks, hackers have offered up massive hauls of stolen login details from four major sites. They include details of 360 million accounts from MySpace and 65 million accounts from Tumblr, both lists appearing to date from 2013.
Questions Posed For Sites And Users
This follows 164 million account details from LinkedIn dating back to 2012, and 40 million account details from dating site Fling from 2011. As best as security researchers can tell, the accounts in question appear to be genuine, with the listed details correct at the time the data was stolen. (Source: vice.com)
At least one security researcher has questioned whether the appearance of so many huge databases of stolen details on the black market at the same time is a coincidence. The reports have also sparked questions about whether the companies involved knew about the breaches at the time and, if so, why they didn't publicly reveal them. (Source: troyhunt.com)
Stolen Data A Numbers Game
Although the stolen data may be a few years old, most users do not change their passwords regularly unless forced to, so there's a very good chance that a portion of the login details are still valid. There's also a numbers game in play. For example, even if just one percent of people had failed to change their MySpace password since 2013 or earlier, that would still mean 3.6 million vulnerable accounts.
MySpace has now said it has invalidated the passwords for any account that is at risk of being breached, meaning users will need to verify their account and reset the password.
The biggest problem, however, is that many users use the same email address and password for multiple websites. Once hackers have stolen details, they can try them on other websites and services. Even if that doesn't get them access to confidential or sensitive data, it may allow them to use the accounts on other sites to spread messages containing malicious links, which can then lead to other users or machines becoming infected with malware.
What's Your Opinion?
Have you used any of the affected services? Do you regularly change passwords, even on sites that you no longer use but where you haven't closed the account? Do you use a different password for every site and if not, how do you decide when it is "safe" to reuse a password?
Comments
Use randomly generated passwords for each site
I use Roboform to randomly generate 16 to 24 character passwords for every site I log in to (example: lsPN!!@Jl1mZTZPC). I then use one master password (my fingerprint or a text phrase) to access those passwords, which Roboform automatically inputs for me. The result is that if one site gets hacked, my password can't be used on another site. Also, because my passwords are strong, they are unlikely to be brute-force cracked by a bot.
4 major sites hacked
It would help us if we knew the names of the sites! How else are we to know to check and change those passwords? Hacked sites seem to wait on notifying us of breaches until after they fix their weakness, which means too late to protect ourselves from damage.
As for myself, yes, I fairly routinely change my passwords but I know there are some sites I don't go to any more that are out of sight, out of mind. I just don't remember them.
Site Names
All 4 sites *are* named in the article...
Sites which were hacked
As stated in the article, the sites which were hacked are: MySpace, Tumblr, LinkedIn, and Fling. Site names were indicated in the third and fourth paragraphs - I am not sure how you missed it.
Some passwords do not matter
I use the same passwords for many sites such as forums and newsletters. Who cares if you log in as me on this site? I do use unique passwords for sites that I spend money with or financial sites that monitor my money.
I do not use any of the sites involved here and if I did, they do not qualify as a secure site like a financial site.