We have all heard in the news about the massive breaches that have occurred in recent years.
Large companies such as LinkedIn, Dropbox, Yahoo, Adobe, and Tumblr have all been victims of large-scale data breaches. Recently, researchers uncovered a database full of hacked user accounts. What is more, this collection, containing over 560 million user names, emails, passwords, IP addresses and more, was found in a completely unprotected online database.
Security researchers found the database using the Shodan search engine, which looks online for unprotected files, open ports, and unsecured devices. More importantly, they found that, in addition to this large cache, there are almost a dozen such databases with little to no security, meaning anyone with the know-how can access the information in them. Collectively, these databases house several terabytes of account information.
After analysing a small portion of the records in the large database, the researchers also determined that almost all of the information came from the earlier large-scale breaches. This means that the information, while not part of a new data breach, is part of an endeavour to pull all of this information together and store it in one centralised database. To what end? The most obvious reason would seem to be to engage in one immense hacking campaign.
What can you do?
Users are often sick of hearing the same narrative – update your passwords if you have not done so for quite some time, use a good password manager, use multi-word pass phrases, etc. This advice is, however, your first line of defence. There is also an excellent website that you can use, free of charge, called “Have I Been Pwned.” It allows you to check whether your email has been compromised in any of the noted data breaches and, if so, lists the respective breach.
Unfortunately, the trend shows that hackers are increasing their attacks and the number of breaches continues to rise. This trend, and the massive database found, are a reminder to users to avoid the practice of re-using passwords across multiple websites. After all, we don’t want to make the hackers’ jobs any easier for them.