A security researcher has discovered a massive data breach exposing the email address and password combinations of millions of users. It added this data to a popular service that lets you check if your online accounts have been compromised.
Hackers have recently claimed millions of lives. These are no less than 71 million email addresses and their associated passwords, which were collected by hackers from various sources, including malware infections, phishing attacks and website breaches.
The data circulated on the dark web for approximately four months, unnoticed by the cybersecurity community, until Troy Hunt, owner of Have I Been Pwned? (HIBP), a service that lets users check if their email addresses have been involved in data breaches, decided to take a look.
Millions of compromised email addresses and passwords
Hunt initially assumed the data was old and recycled, but upon further analysis he realized that about a third of the email addresses were new and had never been used in breaches. previous data. This data was therefore “statistically significant” and deserved to be added to its service.
For those who don’t know, ” Have I Been Pwned? » is a website that allows Internet users to check if their personal data has been compromised by data breaches. The service collects and analyzes hundreds of databases containing information on billions of accounts that have been hacked or leakeds, and allows users to search for their own information by entering their username or email address.
Hunt explained that the data came from “stealer logs,” or records of the credentials that malware stole from infected computers. Malware can capture passwords for various online servicessuch as Facebook, Yahoo, Roblox, eBay and others, and send them to hackers.
How to check if your email address and password have been compromised?
To check if your email address and password were leaked in this data breach, you can use the “Have I Been Pwned?” ”, which is free and easy to use. All you have to do is enter your email address into the website, and it will tell you if and which one your email address was found in any data breach.
If your email address appears under the entry “Naz.API”, which is the name of the newest data breach, this means that your email address and password were recently leaked and You have probably been infected with malware at some point in the past, or still are.
If this is the case, you must immediately change your password for the email account and for all other online accounts that use the same password or a similar password. We also advise you to scan your computer for malware by installing antivirus, and using a password manager to create and store strong, unique passwords for each of your online accounts.
To maximize your chances of being safe, you should regularly check the HIBP service below to check whether your email address has been exposed in other data breaches, and quickly take necessary steps to protect your identity and privacy online.