26M logins stolen from PCs – Is your data part of the latest breach?
Keeping your antivirus software up to date is one of the best ways of protecting yourself from malware and cyberattacks. In most cases, your software will immediately jump into action. When it detects an intrusion, disinfection kicks in.
But what if your antivirus doesn’t react? Without doing a full-system scan, how would you even know that your computer is harboring a file-stealing program? This is a nightmare scenario for everyday users.
To complicate matters further, you wouldn’t even know what files or personal information cybercriminals have been collecting on you. It could be months’ worth of IRS correspondence, banking documents or sensitive corporate data. Now, another treasure trove of passwords has been discovered in an online database. Keep reading to see if you’re impacted.
Here’s the backstory
In a rather strange twist for cybersecurity experts, a hacker collective accidentally revealed where the fruits of their nefarious labor are stored. Following the proverbial breadcrumbs, security firm Nordlocker stumbled upon the entire bakery.
In partnership with a third-party company specializing in data breach research, Nordlocker analyzed the database. To their surprise, it contained 1.2 TB of files, cookies, and credentials stolen from around 3.2 million Windows computers.
“The data is from between 2018 and 2020. The database included 2 billion cookies. The analysis reveals that over 400 million, or 22%, of those cookies, were still valid at the time when the database was discovered,” Nordlocker explained in a blog post.
Where did the files come from? The company explained that much of the stolen data comes from commonly used places, like the desktop and the default Downloads folder on a PC. The bulk of the hack comprises 3 million text files, 900,00 image files, and more than 600,000 Word documents.
More than a million websites’ login details, including Facebook, Twitter, Amazon, and Gmail, are exposed in the leak. In total, it includes about 26 million passwords.
What you can do about it
The problem with this piece of malware is that it’s custom-made and nameless. That makes it very difficult to track down and even detect by antivirus software. But there is a way for you to check if you have (or had) the malware — even if it’s retrospective.
The associated data and email addresses have been added to the HaveIBeenPwned website. Fast becoming the go-to place for security breach databases, the website can tell you if your email address or personal data has been involved in a leak. Tap or click here to see if your credentials have been compromised.
Putting your email address in the search bar brings up a list of breaches that your email address or password was part of. If you haven’t done so in the last two months, you should immediately update your password.
Here are some preventative measures to prevent falling victim to this type of malware:
- Safeguard your passwords – Many web browsers offer the chance to store passwords to sites that you frequently visit. But don’t use them! They’re just not secure enough. Instead, use a password manager that you trust. Tap or click here for details on Kim’s password manager of choice.
- Use strong antivirus software on all your devices – Tap or click here for five reasons this antivirus security suite is Kim’s pick for total online protection.
- Cookies are not your friend – Most websites use cookies these days. They are small bits of data that track your activity online. It’s a good idea to delete them from your devices now and then. Tap or click here to find out how to delete cookies from your phone.
Keep reading
Do this now before your Gmail account is deleted
Don’t let this malware infect your computer and steal your passwords
Tags: cybercriminals, malware