Today's report by security expert Jeremiah Fowler of a massive unsecured database full of usernames and passwords shouldn't necessarily frighten you, but it should spur you to action. If you have any weak passwords protecting accounts with sensitive information, or if you've reused the same password — however strong — on multiple accounts, now would be an excellent time to change them and set up two-factor authentication.
Fowler reported on Website Planet that the database, which he found unlocked and without any encryption on an anonymously registered server, contained a little over 184 million records. These included usernames, emails, passwords, and direct links to the URLs for logging into the relevant accounts. While Fowler was able to get the hosting provider to lock the server, he couldn't find any hard evidence about who compiled the database, nor whether they had used or shared the information.
There are a couple of reasons not to panic here. 184 million records exposed doesn't mean 184 million people exposed — it's just the number of rows in the database. If the info was gathered through malware, as Fowler believes, it's likely to have gathered multiple records from every infected device. That's obviously still bad, but fewer people have been affected than it may seem from the number alone.
The database also contained no information that could be used for two-factor authentication, so anyone with a second factor set up has much less reason to worry. Don't forget, though, that one weakly secured account is a liability to the others. For example, a hacker could gain access to your email, then use that access to break through 2FA on your bank account.
The potential consequences of having your password stolen are severe enough that it's worth taking common-sense steps. Since the database wasn't leaked on any of the usual dark web sources, its data likely won't show up on breach checkers like HaveIBeenPwned. However, Fowler did share with Wired reporters that he tested a sample of 10,000 fields in the database, and found passwords to the following platforms:
Facebook
Google
Instagram
Roblox
Discord
Netflix
PayPal
Amazon
Nintendo
Snapchat
Spotify
Twitter
WordPress
Yahoo
Online banks
Online wallets
Healthcare web apps
Government employee accounts
If you have an account on any of those platforms without two-factor authentication, we recommend changing your password and setting up 2FA as soon as possible. Pay special attention to platforms like Roblox and Nintendo where your kids might have set up their own accounts and not bothered with 2FA. As Fowler points out in his blog post, even seemingly innocuous accounts might have personal information lying around.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/a-huge-unsecured-credential-database-discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rss https://www.engadget.com/cybersecurity/a-huge-unsecured-credential-database-discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rssAccedi per aggiungere un commento
Altri post in questo gruppo
Spoilers for “Wish World.”
Even the most daring artists, those that actively seek reinvention on a regular basis, will eventually wind up repeating themselves. If t
These are some recently released titles we think are worth adding to your reading list. This week, we read Mira Grant's Overgrowth, a horror sci-fi novel about an alien invasion and th
The Amazon-owned robotaxi company Zoox
Pulsar's latest competitive gaming mouse will literally help you keep your cool during intense matches. The gaming gear company joined forces with Noctua, known for its quiet fans in its signature
Writer's block is no match for Microsoft's latest AI infusion for its Notepad
Hey there! Welcome to our weekly indie games roundup. We've got lots to get through this time, including some news before we highlight some brand-new games you can play right now.
Indie jour
