773 Million Hacked Accounts for Sale - Are You Compromised? I Was

in #security6 years ago (edited)

You might think your accounts on various sits are safe. I did. But do you use the same password in many places online? I did on a few sites (about 6). Well, if one of those sites gets hacked and your account password is known, it puts you at risk of having your account compromised on other sites that use the same email and password.


Source

If you have an account on Site A, let's say linekdin.com, it has your email and password for that account. You also use your email on other sites, like Site B, which may be amazon.com, which also has a password for your account there. If Site A gets hacked, they know your email, and can use your email and password from Site A to try to log into Site B, C, D, etc.

The largest collection of hacked accounts was recently found for sale on a hacking site. The collection contained over 773 million accounts from various sites that have been hacked over the years. Some of the accounts were from previous known hacks, but some are knew with no previous knowledge of the hacks having been done.

The collection in 87GB, containing "360m MySpace accounts hacked in 2008 or the 164m LinkedIn accounts hacked in 2016", and 140m email addresses that have never been seen before. Troy Hunt, of Have I Been Pwned found the data, and has set up a tool on the site for you to know if you've been compromised on a site and need to change the password there and any other site that uses the same password.

"People take lists like these that contain our email addresses and passwords then they attempt to see where else they work."

"The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem."

Out of over 1 billion accounts, there are many passwords being reused, with only 21 million unique passwords:

In total, there are 1,160,253,228 unique combinations of email addresses and passwords,” Hunt wrote, and “21,222,975 unique passwords”.

I recommend you go to the site and put in your email to see if you've been compromised. My main email got one hit for LinkedIn that was compromised a few years ago. I went to change my password there and on 6 other sites that had the same password. Hunt says it's good to use a password manager like 1Password or LastPass. That way you pick unique passwords and it stores them all for you.

I keep all of mine in a file on my computer. Most of my passwords are different, but I still had some that were the same. Oops. At least I have a file where I can know what I need to change ;)


Thank you for your time and attention. Peace.


If you appreciate and value the content, please consider: Upvoting, Sharing or Reblogging below.
Follow me for more content to come!


Like what I do? Then consider giving me a vote on the Witness page :) Thanks!

My goal is to share knowledge, truth and moral understanding in order to help change the world for the better. If you appreciate and value what I do, please consider supporting me as a Steem Witness by voting for me at the bottom of the Witness page.

Sort:  

Our idea of login and password are antiquated.

It was ok when you had a few COMPUTERS to log into, but today every site has a login and password. And because we are human, we often use the same login, and the same password.

And worse, sites like f-c-book remember you, so you never use your password for years.

Things like password tools are even worse. Sure they make your login and password impossible to crack via a random character string password, but it hides all the important information from the user. And it provides a single point of failure.

AND Microsloth Winders allows anyone who accesses the machine to just look at anyone's passwords. (well, its not that easy, you have to know what you are doing, but it is a piece of cake for any software guy.

Great comment, I completely disagree with the password apps and having a computer remember my password for me. Rife for hacks!

Posted using Partiko iOS

write them down like i do ;)

My uplay account was hacked. I blogged about it. I was getting Emails every day about people all around the world using my account.

I received a video game for free called Watchdogs 2 for buying my graphics card a few years back. This is the only game on my account so I didn't care about it. Also the game is basically Grand Theft Auto, except you're an elite hacker, AND my password for the account had the word "hacker" in it, so I thought that was hilarious.

I let the dark web use my account until they tried to access my facebook account. Then I realized my Steam account had the same password... OOPS! Changed that real fast. (Not that I use Steam that often.)

It was fun while it lasted.

The best part is that password has been hacked twice. Way back in the day when I was using AOL Instant Messenger my friend hacked the account by solving my security questions. Back then security was garbage and AOL actually told my friend what the password was. Today password resets obviously don't behave like that for this exact reason.

He used this information to "hack" into my computer and place a crude and graphic stick-figure drawing of me with an ex-girlfriend. He masterminded its placement in a way where both me and my current girlfriend would see it at the same time.

Why did he do this? Because I ate some pizza that he specifically told me not to eat. lol. It was pretty funny in an immature kind of way.


I've used Have I been Pwned before. Just checked myself out again. It claims I've been pwned on LinkedIn, Myspace, Evony (LOL) and 4 unconfirmed other services.

Needless to say the password I use for Email is totally unique. If they get your Email account you are done did super pwned.

I would leave Internet if ever they get access to my email 😂

Posted using Partiko Android

Yeah, hopefully ppl dont use the same password elsewhere as they do for their email acct ;)

This is why I have a few dozen diff emails and diff passwords hehe :)

Some of my older emails were hacked multiple times, but I don't use em for anything anymore and they aren't connected.

Too much trouble all that :P

Hi, thanks a lot for the precious info. : )
Not pwned(hehe)
Salut

Welcome, good on u ;)

I got a hit on one but it was the email only, no passwords.

Yeah big whoop if someone gets ur email address.. lol

Thanks bro, checked it out and I was on list from a site I haven't used in a long time, sneaky buggers

Welcome ;)

Thanks for this, turned out I was pwned on two email accounts. Really useful ;)

Welcome ;)

This further confirms my tech fears are justified, lol.

lol, we're all owned

Thanks for the info. My few main email addresses are good but two of my junk email addresses were in the list. Precisely why they are junk addresses lol yahoo accounts.

Posted using Partiko iOS

Yah, who has yahoo accounts lol

Being poor, you may not have much to lose - but getting socially compromised, that's a different kettle of fish all together!

You have your account to lose ;)

Yup...and accounts are windows to the world!

Nice share dude!!
I hope I'm safe, but I need to check

Thanks for the heads up I will put in my email and see what I get @krnel

Good luck

Checked. I'm good. Thanks.

Posted using Partiko Android

Right on ;)

I put my email in and I have not been Pwned
Good information to know about our sites

Good going ;)

The Linkedin got to me too and I remember when it happened I started a spreadsheet to track and start preparing unique passwords for each site given that many were the same! However, this whole thought process should soon change with blockchain as I have seen a number of projects focusing on ID validations via blockchain!

Posted using Partiko iOS

That why is important to use a different password on each sites. :)

Posted using Partiko Android

Indeed it is

Yes.

Posted using Partiko Android

Nice work on the tip. I all good apparently but change my pass word more time than I can remember myself so hard to hack haha 💯🐒

lol, hard for u maybe too

Thank you!

Curated for #informationwar (by @wakeupnd)

Ways you can help the @informationwar!

  • Upvote this comment or Delegate Steem Power. 25 SP 50 SP 100 SP or Join the curation trail here.
  • Tutorials on all ways to support us and useful resources here

Hi @krnel!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 7.276 which ranks you at #66 across all Steem accounts.
Your rank has not changed in the last three days.

In our last Algorithmic Curation Round, consisting of 195 contributions, your post is ranked at #6.

Evaluation of your UA score:
  • Your follower network is great!
  • The readers appreciate your great work!
  • Good user engagement!

Feel free to join our @steem-ua Discord server