273 Million Passwords Stolen From Google, Yahoo, Microsoft In Massive Security Breach

273 Million Passwords Stolen From Google, Yahoo, Microsoft In Massive Security Breach


In his most recent attack, the notorious hacker known as “The Collector” allegedly managed to pull off one of the largest security and email breaches in recent history, adding an estimated 273 MILLION email accounts and passwords to his massive 1.7 billion “collection.”

This includes the email addresses and passwords for some 40 million Yahoo Mail, 33 million Hotmail/Outlook accounts, 24 million Gmail accounts, and tens of millions more. (NOTE: This was a separate incident from the 500 million Yahoo accounts that were stolen back in 2014. C’mon, Yahoo! Pull yourself together!)

On top of that, it’s been reported that millions of new hack attempts are being made each day.

Well damn, that sucks. Now what?

What this means is, basically anyone with an email address should change their password immediately, as there is no way to know if your details are on the list of stolen accounts.

***If you haven’t changed your online passwords in the last 30 days, do it now.***

But don’t make the same common mistakes most people make, like using the same password everywhere or using easy-to-guess-passwords like these:

The 25 most common passwords of 2016:

(HINT: Don’t use these.)

  • 123456
  • 123456789
  • qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • password
  • 123123
  • 987654321
  • qwertyuiop
  • mynoob
  • 123321
  • 666666
  • 18atcskd2w
  • 7777777
  • 1q2w3e4r
  • 654321
  • 555555
  • 3rjs1la7qe
  • google
  • 1q2w3e4r5t
  • 123qwe
  • zxcvbnm
  • 1q2w3e

(Data provided by Keeper Security)

 


“This is stunning in light of the fact that today’s brute-force cracking software and hardware can unscramble those passwords in seconds.”


 

Now, once you’re done rolling your eyes at that list, admit it — you’re guilty of using dumb passwords yourself. We’ve all done it. But really, who can remember a unique, highly-secure password for every single account?

The Top 4 Ways hackers can crack your passwords

#1 – Brute force attack. This is a random-trial-and-error method. Basically, hackers use advanced software to randomly try names and numbers to crack passwords through various common patterns. Sometimes, some clever guesswork can be added into the mix. Birth dates, kids’ names, pet names, nicknames, hobbies, favorite actor’s names, are all commonly used.

#2 – Dictionary hacking. A form of brute force attack, dictionary hacks use various permutations and combinations of dictionary words. Hackers use dictionary software to automatically try various combination of words to crack your password. It’s reported that over 50 percent of passwords are cracked through this process.

#3 – Phishing. This is one of the most common (and easiest) ways for hackers to get usernames and passwords. Victims are tricked into divulging their login credentials through the use of cloned websites that mimic official sites, where you’re asked to fill in your username, password, and sometimes credit card/banking details.

#4 – Keylogger attack. This hacking tool is often spread through virus or malware infection. A hidden keylogger app is unknowingly installed on your computer, which records all your keystrokes and Internet activity. The stolen information is then relayed back to command and control servers for hackers to use.

What you should do, starting now

You *could* create unique passwords for every account with even more complicated, nonsensical jumbles of letters, caps, numbers, and symbols… (which has been conventional security wisdom). The problem with that is, as it turns out, these types of passwords really aren’t much harder for hacking algorithms to crack. All it does is make passwords harder for humans to remember and creates new security vulnerabilities (like people reusing passwords or keeping lists of all their logins and passwords in a note on their mobile phone).

Now, a new standard is emerging for passwords, backed by recent security research — to the relief of computer users everywhere. The new direction favors password length (passphrases) rather than complexity. For example, ‘mypasswordissomethingthatisnoteasilyguessed’ is far more secure than something like ‘@P4s5w0rd!’

A number of Carnegie Mellon University studies confirmed that passphrases are just as good at online security because hacking programs are thrown off by length nearly as easily as randomness. To a computer, simple sentences can be just as hard to crack. What’s even better? People are less likely to forget them.

But don’t use popular song lyrics or poetry in your passphrases, since hackers can download libraries of common phrases. A good test is to try typing your passphrase into a Google search to see if the search engine can auto-complete it. If it can, it’s a common phrase. You can also step things up by adding a comma or other special character into your phrase.

Unfortunately, there is no magic formula for an unbreakable password, but you can definitely improve your odds by following these tips.

UPDATE
Since we originally published this article, we learned of a new security device that can lock down your computer, smartphone, tablet, and online accounts. It works by automatically generating unique, highly secure passwords for all your accounts without ever needing to remember them.

This technology is a real game-changer. Right now you can save 67% HERE.

EveryKey