DailyPost 2842
10 BILLION PASSWORDS LEAKED!
The cyber world with hackers and the darknet becoming its integral part is getting crazier by the day. One is slowly getting convinced of the fact that hackers understand the cyber world best in every manner, dimension and nuance. If you were to have most of the keys of the city’s locks, possibly you couldn’t do much. Locating the right lock, gaining access and getting /stealing something worthwhile would not be an easy task. If someone were to tell you that another person has some more keys to locks unknown in the city, you would not know how to work together to break open a few locks or collaborate on a large scale,
Cyber world is radically different. Passwords are the keys to locks of the cyber world. Here, leaving aside the city, you can open locks globally; of individuals, enterprises, governments, political parties and even intelligence agencies. The nature of collaboration of hackers are totally different and they can find ways and means of using these keys i.e. passwords in the most technically innovative way to the best of their advantage. The latest news in the market is that a hacker has leaked nearly 10 billion passwords in the biggest haul ever. As per the report, the compilation of leaked passwords, RockYou2024, was shared by a user calling himself ‘ObamaCare’ on a popular hacking forum.
The leak with the largest volume was preceded this year, by a leak of approximately 22 terabytes of data which contained nearly 26 billion records stolen from platforms like LinkedIn, Twitter, Weibo, and Tancent. ObamaCare leaked 9,948,575,739 unique passwords. ObamaCare had earlier also posted stolen data on the internet; employee database from the law firm Simmons & Simmons and some other data. CyberNews said the data was compiled for more than 10 years. The data released on Thursday was the third tranche. The compilation has several newly-stolen passwords and mainly previously stolen ones too.
While we can keep getting into numbers and what they mean and can keep endlessly debating about it; of legality, investigation, governmental role etc, how can such leaks harm us is the critical question. “Passwords leaked in such datasets can be used to mount credential stuffing attacks and brute force attacks.” Credential stuffing means criminal practice of using passwords stolen from one device or account to gain access to another device or account. This works on the concept that users often use common passwords across different accounts. This makes the work of the criminal easy. Hence, the criminals rely on such passwords to access other or all of the users’ accounts.
IN THE MESSY CYBER WORLD, ONLY THE HACKER CAN FIND A METHOD IN IT.
Sanjay Sahay
Have a nice evening.