With each passing day, it is getting harder to keep our online presence safe and secure, thanks to hackers finding crazier ways to breach into our lives.
However, now, it looks like things have surely gone to a whole new level as an unprotected database has been discovered online consisting of confidential data of over 3.2 billion users.
Getty Images
Reported first by CyberNews, the data consists of cleartext emails and passwords that have surfaced on a popular hacking forum, collated from previous hacks occurred on Netflix, LinkedIn, Exploit.in, Bitcoin and others.
The breach is known as a COMB breach or Compilation of Many Breaches which is known to contain more than twice the unique email and password pairs. The data as of now is archived in an encrypted password-protected container. The breach is somewhat similar to what was faced in 2017 when 1.4 billion credentials were made online.
This breach also uses a script named count_total.sh script. But this time, they’ve also included scripts query.sh for querying emails and sorter.sh for sorting the data it contains. After running the count_total.sh script, CyberNews discovered that over 3.27 billion credentials are stored in the aforementioned container.
CyberNews highlights that one of the reasons such massive breaches occur is since most users use a similar ID-password combination for a variety of services — whether it is their social media, personal email or services like Netflix etc. This basically means that all the locks have one key, and attaining this one key will unlock everything for the hacker.
Cybersecurity experts recommend users to enable two-factor authentication on services that support it to add an additional layer of security despite the similar password.
In case you’re worried that your credentials could have gotten leaked, you can check it out here. As always we recommend you to add special characters and numbers to increase the strength of your password and make it hard to crack.
How to find out if your account has been compromised
In case you wanted to learn if your account has been listed in one of the many data leaks that have surfaced in the past, you can simply head to haveibeenpwned.com where it’ll ask you for the ID and inform you about the safety of your account.
Getty Images
Additionally, in case you’re a Google account user on Google Chrome or Android, Google will notify you if it has found your account in a data breach, regardless of whether the breach was from Google or any other place you’ve used the Gmail account.
In case your email address is flagged through either of these services, it is strongly recommended you change the password to maintain its safety in the future.