Potentially Billions of Passwords Posted on Dark Web

June 18, 2021 - by Identity Champion

Does it feel like a new scam or data breach captures the internet’s attention each week? The latest big piece of hacker news feels particularly worrisome due to its sheer size. Here are some key details to help you understand what happened and what you can do to protect yourself.

What’s Known

News organizations are reporting that a file potentially containing billions of passwords was recently posted to a popular online hacker forum. While the source of this data is unknown, the presumption is that the passwords were compiled from a number of previous breaches over several years.

Why This Matters

Thieves can take the info contained in the posted file and pair it with info from other breaches to run attacks like password spraying, where they try a number of passwords on the same account in a short amount of time to try and get access. 

Using the same password for more than one login makes it easier for fraudsters to break into your accounts thanks to something called credential stuffing. In this type of cyber attack, hackers use bots and lists of compromised user credentials to try to log in to a number of accounts.

If you use the same password for more than one account, all of the logins that use that same password (and the info contained in those accounts) are at risk if that password is exposed. Using a different password for each one of your accounts hinders this process, since the password leaked online will not open any other accounts.1

How to Protect Yourself

First, make sure you use a different password for each of your account logins. Better yet, make sure these passwords are strong: at least 8 characters long, do not contain any recognizable words, and use a combination of letters, symbols, and upper/lower case.

Using a unique, strong password for each login is a great start, but even those can be compromised and shared online, like in this recent collection of billions of passwords. Monitoring the internet and dark web for your passwords is also a great idea. A number of services include such alerts, such as the Internet and Dark Web Monitoring feature included in all of Identity Champion’s plans. 

If you’re a AAA Member, you can activate this feature with Identity Champion Basic, which is a part of your AAA Membership.2 

Not a AAA Member? Not to worry, you can get an Identity Champion Protect or Complete plan with a special discount on AAA Membership thanks to our new bundle. Learn more.

1 Source: Cybersecurity: What is Credential Stuffing? https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/1719167/cybersecurity-what-is-credential-stuffing/

2 Activation required. Sign up for Identity Champion Basic and enter your AAA Member number during enrollment to activate monitoring.

The content provided in this blog post is for informational purposes only, and is not intended to be an offer to sell any Identity Champion product or service.

A3 Labs LLC makes no representations as to the accuracy or completeness of the information contained in this or any blog post on the Identity Champion website.