Stolen Logins - Is Someone Spying on You?

Stolen Logins - Is Someone Spying on You?

02 Feb 2019; Lately we have had a lot of calls regarding high levels of malicious emails. This is especially dangerous to businesses poorly trained in Basic Cyber-Security.

Why is this happening?


Earlier this year (January 2019) the now famous Collection #1 was made public on the dark web. This collection is a compilation of stolen access credentials for over 773 Million login names and passwords. Since then, 4 more treasure troves of credentials have been released, bringing the total up to 2.2 Billion. Given there is only 7.7 billion of us on the planet (Nov 2018), then there is a high likelihood that some of YOUR, or YOUR Business's login details have been released to the dark web and all the Hackers Crackers and Virus Attackers that haunt the dark web looking for targets.

Many logins that YOU have, use your email address as a username. Basically, stolen login details have put YOUR email address directly on a list that Hackers can easily target for their criminal activities. It's not just emails. Other logins you have could also be compromised.
The high levels of phishing and other malicious email is simply a reflection of YOUR address being a more public target than before.
The danger is the credentials that have been released, combined with the very high incidence of password re-use among poorly trained users.


How can I check my email address to see if it is on the list of stolen logins?"



Fortunately there are a couple of safe websites run by the good guys. These sites have uploaded these lists to their databases so you can check your email address(s). We recommend that you test on both as some of the source data may vary.
  1. Have I Been Pwned - Author Troy Hunt

  2. Identity Leak Checker - Hasso-Plattner-Institut


What to do if you find your credentials have been compromised.



Presumption: You understand that IT security is all about making life harder for the Cyber-Criminal.

  1. Login to every application and website that you have a login for and change your passwords. Use a password management tool like 1Password, Keepass or Lastpass (Links shown below) to generate unique and safe passwords. Given we all have too many passwords to remember these applications will store them in a vault so that you don't have to remember them.

  2. Old sites that you no longer visit or require. (You may have forgotten these in the above action) Login and delete your account.
  3. Get your employees to run the checks, and report their findings. Instruct them about cleaning up their security

  4. Turn on 2-factor authentication (2FA). Although this is often unpopular with many users it is a necessary evil. Companies like Microsoft with their Office 365 and Google with their G-Suite have improved and streamlined their 2FA systems to the point where it is now quite palatable, especially with the angst it saves and that added level of security.

  5. Train yourself and your staff on Basic Cyber Security.

  6. Sign up for a managed security service that includes staff training, dark web monitoring and much more. Ask us how we can help.



Stolen Login Article - References:


Wikipedia article - Collection #1
Krebs on Security

Password Management tools:


1Password
KeePass
LastPass
Please note: The author has no financial interest in the promotion of these password management tools other than trying to help his customers remain secure.

Image Credit:
Copyright: stevanovicigor / 123RF Stock Photo






Link: Four new caches of stolen logins put Collection #1 in the shade. Tomáš Foltýn - Security writer for ESET


Back...
 
 
© 2018 CT Business Solutions Limited. All Rights ReservedPrivacy Policy Terms & Conditions View Desktop Version