Skip to Content
© Catalin205 |
Security & privacy

26M logins stolen from PCs – Is your data part of the latest breach?

Keeping your antivirus software up to date is one of the best ways of protecting yourself from malware and cyberattacks. In most cases, your software will immediately jump into action. When it detects an intrusion, disinfection kicks in.

But what if your antivirus doesn’t react? Without doing a full-system scan, how would you even know that your computer is harboring a file-stealing program? This is a nightmare scenario for everyday users.

To complicate matters further, you wouldn’t even know what files or personal information cybercriminals have been collecting on you. It could be months’ worth of IRS correspondence, banking documents or sensitive corporate data. Now, another treasure trove of passwords has been discovered in an online database. Keep reading to see if you’re impacted.

Here’s the backstory

In a rather strange twist for cybersecurity experts, a hacker collective accidentally revealed where the fruits of their nefarious labor are stored. Following the proverbial breadcrumbs, security firm Nordlocker stumbled upon the entire bakery.

In partnership with a third-party company specializing in data breach research, Nordlocker analyzed the database. To their surprise, it contained 1.2 TB of files, cookies, and credentials stolen from around 3.2 million Windows computers.

“The data is from between 2018 and 2020. The database included 2 billion cookies. The analysis reveals that over 400 million, or 22%, of those cookies, were still valid at the time when the database was discovered,” Nordlocker explained in a blog post.

Where did the files come from? The company explained that much of the stolen data comes from commonly used places, like the desktop and the default Downloads folder on a PC. The bulk of the hack comprises 3 million text files, 900,00 image files, and more than 600,000 Word documents.

More than a million websites’ login details, including Facebook, Twitter, Amazon, and Gmail, are exposed in the leak. In total, it includes about 26 million passwords.

What you can do about it

The problem with this piece of malware is that it’s custom-made and nameless. That makes it very difficult to track down and even detect by antivirus software. But there is a way for you to check if you have (or had) the malware — even if it’s retrospective.

The associated data and email addresses have been added to the HaveIBeenPwned website. Fast becoming the go-to place for security breach databases, the website can tell you if your email address or personal data has been involved in a leak. Tap or click here to see if your credentials have been compromised.

Putting your email address in the search bar brings up a list of breaches that your email address or password was part of. If you haven’t done so in the last two months, you should immediately update your password.

Here are some preventative measures to prevent falling victim to this type of malware:

Keep reading

Do this now before your Gmail account is deleted

Don’t let this malware infect your computer and steal your passwords

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out