Happy Friday
The dark web is chock-full of billions of stolen usernames and passwords, spread out among an unknown number of forums and darknet marketplaces. The million-dollar question is, of course, "are my passwords out there?"
To answer this question, Troy Hunt, Microsoft's regional director, erected haveibeenpwned.com (HBP) back in 2013 as a free resource for anyone to quickly assess whether they may have been put at risk because an online account of theirs was compromised or "pwned" in a data breach. The site is dead simple, easily accessible and aims to be of maximum benefit to the community.
The Takeaway
Why are we talking about this now? The site came about after what was, at the time, the largest ever single breach of customer accounts - Adobe. Since then, Troy and his team have kept adding major leaks to their searchable database. This week HBP added 71 million stolen email account passwords from the Naz.API stolen account list.
The Naz.API dataset is a massive collection of over 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware. Big lists like this are used to breach accounts owned by the victims, sold to other threat actors on cybercrime marketplaces or released for free on hacker forums to gain reputation amongst the hacking community.
What this means to you: now is the time to go check haveibeenpwned.com to see if your credentials are in this latest leak. If they are, be sure to change those passwords and make sure that 2-factor authentication is turned on for all of your accounts, especially your email account.
Believe me when I say, it's a real mess once these criminals are in your inbox. Check this box off of your list of New Year's resolutions!
What do you think about haveibeenpwned.com? Did any of your email addresses come up in the search results?
Stay safe out there.
-Attila
PS. If you think this email might be of value to a friend or colleague, feel free to forward it along.