Passwords Leaked: Hackers post file with 1,000 crore passwords online in biggest cyber security breach yet

Passwords Leaked: A file with around 10 billion (1,000 crores) passwords was leaked via an online hacking forum, according to a report by Semafor. The compilation, which included old and new password breaches, was posted online on July 4 and is the largest such leak yet, the report added.

Semafor report noted the risk of credential stuffing attacks being enabled by the massive leak. This concern is grave because the leak's nature gives hackers a single searchable file to sift through user data.

Risks Increased

Credential stuffing refers to hackers using a user's breached password to break into multiple accounts linked to that same user. For example, user A's password for their email could be used to break into their bank account. Cybernews reported that credential-stuffing attacks compromised users across platforms such as AT&T, Santander Bank, Ticketmaster and 23andMe, among other businesses.

The report also referred to an International Monetary Fund (IMF) report and a Lancet Journal study to note that malicious cyberattacks have doubled globally since 2020, with the financial (20,000 cyber attacks since 2020) and healthcare sectors taking the brunt of such attempts.

Some Solace

Forbes report, however, provided some relief for worried netizens — the sheer size of the leak may make the file unusable. One analyst said, “I know this might sound funny, but what’s an extra 1.5 billion passwords?”

The report also noted that simply having more passwords leaked does not increase the likelihood of cyber attacks increasing — but it does point out the "glaring holes" in online security.

What can you do to safeguard yourself?

  • Ensure you use different passwords for different platforms wherever possible, especially for sensitive accounts linked to banks, insurance, and other financials.
  • Create strong eight- to twelve-character passwords with at least one capital letter, one numeral, and one symbol.
  • Do not share your passwords with anyone or write them down so that others can hack or access them.
  • Change your passwords and pins regularly and ensure they are completely different.