1.2 Billion User Names and Passwords For Sale

Is it time to change your password?  Now that security researcher Alex Holden, of Hold Security in Milwaukee, has uncovered a huge trove of stolen user credentials on the Dark Net, you might as well assume that yours are in this mammoth collection.

Alex Holden was born in Ukraine, and the surname he uses today is not the one he was given at birth.  He discovered that Russian cyber-criminals had gathered 542 million email addresses and 1.2 billion unique email-and-password combinations.  Most of these records were already decrypted and up for sale on the Internet underground.

Holden’s story is fascinating.  His parents were refugees from the disaster at Chernobyl, and his family bounced around from Moldova to Italy, finally landing in Wisconsin.  Since starting his cybersecurity business, he has amassed dossiers on over 6500 cyber-criminals and tracked down all sorts of pilfered data for his clients.  If you are interested in reading more about him, there is a great article in Popular Mechanics.

Back to the issue at hand.  It is a reasonable assumption that your passwords have been revealed in this treasure trove, so do yourself a favor and replace your passwords before they get used against you by the bad guys.  Here is what I recommend: create passwords that are at least 10 characters long.  15 characters is even better.  The reason for going longer is that password cracking is done by powerful high-speed computers or large botnets of PCs using massively parallel processing to try thousands of possible combinations in a second.  Once you get over 12 characters, the length of time necessary to crack the password using brute-force methods becomes very long: decades, or even centuries.  Under ten characters the time is trivial: days, weeks, or maybe a month.

A password that would be very resistant to cracking would be 12-15 characters long, made up of upper- and lower-case letters, numbers, and symbols.  Once you think you have a good one, go to Passfault and test it out.  Then update your accounts.  Resist the urge to use the same password on multiple sites.  Use especially long and difficult passwords on financial accounts and shopping sites.
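To put numbers on the length-versus-cracking-time argument above, here is an added Python example (not from the original post, and not the Passfault tool it mentions). It works out the alphabet a brute-force attacker would need for a given password, the resulting keyspace, and how long exhausting that keyspace would take at an assumed guessing rate. The rate of 10 billion guesses per second, the rating thresholds and the short list of known-weak passwords are all assumptions constructed for illustration.

```python
"""Brute-force resistance estimate for a candidate password.

Added example, not from the original post. The guessing rate, the rating
thresholds and the list of known-weak passwords below are assumptions
constructed for illustration.
"""
import string

# Assumed attacker throughput in guesses per second. Real rates depend on
# the hash algorithm and the hardware; this figure is only illustrative.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Standard character classes. A brute-force attacker uses the smallest
# alphabet that still covers every class the password mixes.
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "digit": frozenset(string.digits),
    "symbol": frozenset(string.punctuation),
}

# Constructed stand-in for a cracking wordlist: long, mixed-class strings
# that still fall first because they are common.
KNOWN_WEAK = frozenset({"Password123!", "Welcome2014!", "Qwerty!23456"})

# Assumed rating thresholds, as seconds needed to exhaust the keyspace.
RATINGS = [
    (24 * 60 * 60, "trivial"),              # under a day
    (SECONDS_PER_YEAR, "weak"),             # under a year
    (100 * SECONDS_PER_YEAR, "moderate"),   # under a century
]


def classes_used(password: str) -> set:
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must search for this password."""
    size = sum(len(CLASSES[name]) for name in classes_used(password))
    # Characters outside the four classes (space, non-ASCII) each widen the alphabet by one.
    others = {c for c in password if not any(c in chars for chars in CLASSES.values())}
    return size + len(others)


def keyspace(password: str) -> int:
    """Number of candidates needed to exhaust this length over this alphabet."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    return keyspace(password) / rate


def rating(seconds: float) -> str:
    for limit, label in RATINGS:
        if seconds < limit:
            return label
    return "strong"


def describe_duration(seconds: float) -> str:
    """Express a span of seconds in the largest convenient unit."""
    units = [("centuries", 100 * SECONDS_PER_YEAR), ("years", SECONDS_PER_YEAR),
             ("days", 24 * 60 * 60), ("hours", 60 * 60), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


def assess(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Summarise brute-force resistance, then override it for known-weak strings.

    The brute-force time is an upper bound: dictionary and pattern attacks
    finish long before the keyspace is exhausted, so a password on a wordlist
    is rated trivial no matter how long or mixed it is.
    """
    secs = seconds_to_exhaust(password, rate)
    result = {
        "length": len(password),
        "classes": sorted(classes_used(password)),
        "alphabet": charset_size(password),
        "keyspace": keyspace(password),
        "brute_force_time": describe_duration(secs),
        "rating": rating(secs),
        "note": "brute-force time is an upper bound; wordlist and pattern attacks are faster",
    }
    if password in KNOWN_WEAK:
        result["rating"] = "trivial"
        result["note"] = "appears in a common-password list; length and character mix do not help"
    return result


if __name__ == "__main__":
    for pw in ["abcdefgh", "abcdefghij", "abcdefghijklm", "Abcdefgh1!",
               "Password123!", "correct horse battery"]:
        r = assess(pw)
        print(f"{pw!r:24} len={r['length']:2} alphabet={r['alphabet']:3} "
              f"time={r['brute_force_time']:>16} rating={r['rating']}")
```

Two things the table of results makes visible that the prose alone does not: adding a character class helps, but adding length helps far more, because the alphabet is the base and the length is the exponent; and the estimate is only an upper bound, which is why the script also checks a wordlist and why a long password that has been reused and leaked elsewhere is no better than a short one.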

More Information:

Popular Mechanics


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an information technology and cybersecurity instructor for several training and certification organizations. Bob has worked in corporate, military, government, and workforce development training environments. Bob is a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
