About 225 million stolen passwords and emails appeared to have been involved in a massive data breach in the United Kingdom.
The country's cybercrime watchdogs, the National Cyber Crime Unit (NCCU) and the National Crime Agency (NCA), have now handed them to the credential-tracking service Have I Been Pwned (HIBP) to see if there are more compromised credentials in this case.
Stolen Passwords Leaked in Previous Hacks
According to a report from ZDNET, over 200 million new credentials, including passwords and emails, have been handed to HIBP so they can be compared with details leaked in past data breaches.
If you suspect that your password has been leaked before, you can check HIBP's Pwned Passwords to verify its authenticity and anonymity.
The report suggested that the recommendation from NIST will help the users be wary of their passwords. As such, they would now stop using the old credentials that were exposed in a breach.
Moreover, it aims to address the escalating usage of "credential stuffing," wherein hackers try a list of frequently-used passwords and usernames from online accounts.
Beware of These New Passwords
Since people are sometimes lazy about changing their passwords, cyber attackers take the opportunity to test them out. As a result, many users are vulnerable to credential stuffing because they stick to common passwords.
Last year, the FBI said that credential stuffing has also affected 50,000 online bank accounts since 2017. The agency urged the public to regularly change their passwords to stay away from this trap.
Back in May, the US law enforcement agency teamed up with Have I Been Pwned to look over the potential logins that have been exposed.
With that, NCA and NCCU found cloud storage of stolen passwords and email addresses. The former recently told HIBP that they were able to identify compromised credentials from multiple users.
"Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown. The fact that they had been placed on a UK business's cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offenses," NCA said.
The updated Pwned Passwords data set includes new compromised passwords, among them the following:
- aganesq
- Alexei2005
- flamingo228
- 123Tests
- 91177700
Organizations that want to scan all the data on the website can get it as a compressed 17.2GB file in SHA-1 format. This would include the first list of the passwords that the FBI and other agencies discovered previously.
According to Troy Hunt, HIBP's operator, the compromised credentials handed to HIBP would be for community use and not for him.
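As an added example (not code from Tech Times or HIBP), this is one way an organization could screen a candidate password against a local copy of the SHA-1 file without loading 17.2GB into memory. It assumes the file holds one uppercase `HASH:COUNT` entry per line, sorted by hash; the sample file, its counts and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample: the five passwords quoted in the article, with made-up counts.
SAMPLE = {"aganesq": 2, "Alexei2005": 1, "flamingo228": 3, "123Tests": 5, "91177700": 4}

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest (assumed form of the entries in the download)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_sample_file(path: str, entries: dict) -> None:
    """Write a tiny stand-in for the real file: one HASH:COUNT per line, sorted by hash."""
    lines = sorted(f"{sha1_hex(pw)}:{count}" for pw, count in entries.items())
    with open(path, "w", newline="\n") as fh:
        fh.write("\n".join(lines) + "\n")

def _line_after(fh, offset: int) -> bytes:
    """Return the first complete line that starts after `offset` (line 0 for offset 0)."""
    fh.seek(offset)
    if offset:
        fh.readline()  # discard the line we landed in
    return fh.readline()

def breach_count(path: str, password: str) -> int:
    """Binary-search the hash-sorted file by byte offset; 0 means not listed."""
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as fh:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            line = _line_after(fh, mid)
            if line and line[:40] < target:
                lo = mid + 1   # first hash at or above target lies further on
            else:
                hi = mid       # this offset already yields a hash >= target (or EOF)
        line = _line_after(fh, lo)
    if line[:40] != target:
        return 0
    return int(line[41:].strip())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "pwned-sample.txt")
        build_sample_file(sample, SAMPLE)
        for candidate in ("flamingo228", "correct horse battery staple 2021"):
            print(candidate, "->", breach_count(sample, candidate))
```

A sign-up or password-change handler would reject any candidate for which `breach_count` returns a non-zero value.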
Hunt highlighted that the total number of Pwned Passwords in the latest release now hit 847,223,402. In short, the team has spotted a 38% increase of the leaked credentials, and this was significantly bigger than the previous version.
How to Check if Your Password is Stolen
A report from PC World said that there are three password monitors that you can use to tell if your password has been compromised.
You can use Google Password Checkup, Firefox Lockwise, and Microsoft Edge Password Monitor for password monitoring apps. Note that these tools can be found as an extension of your browser.
If you want a more secure password manager, you can opt for LastPass, 1Password, and Dashlane. If you want a quick scan of your credential to see if it is pwned, check the HIBP site for more details.
On Facebook, you can do the same thing by checking your FB email address at Have I Been Pwned, Tech Times reported in April.
This article is owned by Tech Times
Written by Joseph Henry