Google warns BILLIONS of passwords have been hacked – how to check yours now
CYBER PANIC
Google warns BILLIONS of
passwords have been hacked – how to check yours now
GOOGLE
has warned users that billions of passwords – and hundreds of thousands of
username and password combinations – have been hacked.
Cyber-experts are now urging users to make sure they're using
tough passwords that haven't already been stolen.
It displays a warning whenever you sign in to a website using
"one of over 4 billion usernames and passwords" that have been
hacked.
Google does this by cross-referencing your log-in details for
different sites with a huge list of hacked log-ins.
"Since our launch, over 650,000 people have participated in
our early experiment," Google's Jennifer Pullman explained.
There's obviously a huge risk for anyone whose username and
passwords from different sites have been hacked.
It's important to immediately change your log-in details to stay
safe.
But even passwords uploaded online without associated usernames
can put you at risk.
If you use a very simple password, it's likely someone else does
too – and they may have been hacked themselves.
Hackers buy huge lists of these compromised passwords from lots
of different sites because people often re-use them.
So hackers are much more likely to gain access to an account by
forcing a long list of "known" hacked passwords than trying random
letters or numbers.
"Hijackers routinely attempt to sign in to sites across the
web with every credential exposed by a third-party breach," said Pullman.
"If you use strong, unique passwords for all your accounts,
this risk disappears."
Google's Chrome extension will show this warning
if you're using a breached passwordCredit: Google5
Password safety – the expert advice
Here's what Javvad Malik, cyber expert at KnowBe4, told The
Sun...
·
"Despite all their weaknesses, it looks as if passwords
will stay for the foreseeable future.
·
"But there are some steps people can take to strengthen
their passwords so that it is less likely hackers can break into their
accounts.
·
"Perhaps the most important step is to not re-use the same
password across different websites.
·
"It is convenient only having one password, but this means
that if someone guesses, or steals one of your passwords, they can then use
that to gain access to any of your other accounts.
·
"Using a password manager can help create and remember all
the different passwords.
·
"Failing that, even writing passwords down can be good in
some cases (just don't leave your notebook lying around).
·
"The second step is to take advantage of two factor
authentication (2FA) wherever it is available.
·
"For many sites that offer this service, in addition to
entering username and password, it will send a code via text message to your
phone which will need to be entered.
·
"Third, and finally, people should be wary of the scams
which try to steal their passwords.
·
"For example, receiving an email with a link from a large
provider such as Microsoft, Amazon, or Apple, and asking people to re-enter
their username and password or risk having their account frozen.
·
"People should never click on such links in emails, and
only navigate manually to any sites they wish to visit if they need to log onto
their accounts."
How to check your password
The free Password Checkup software can be loaded onto Google
Chrome and lets you know if your account details have been compromised in a
cyber attack or data breach.
Once installed, the Chrome extension runs in the background of
your browser and checks any login details you used.
If your password or username matches a Google database of more
than 4 billion compromised credentials, the software will flag them.
An alert that pops up on your screen reads: "Password
Checkup detected that your password for [website] is no longer safe due to a
data breach. You should change your password now."
If a new data breach occurs, the tool will let you if any of
your passwords were compromised the next time you login to Chrome.
It gives you any exposed accounts in a small list that you can
click through to change your passwords.
All information is encrypted, and Google says it has no way of
seeing your data.
"We built Password Checkup so that no one, including
Google, can learn your account details," Google said.
"Password Checkup was built with privacy in mind. It never
reports any identifying information about your accounts, passwords or
device."
You can download Password Checkup from the Chrome webstore by clicking
here.
Alternatively, popular web-tool Have I Been Pwned also lets you check if
you've ever been hacked.5
Here's Have I Been Pwned's list of largest online breaches...
·
Collection 1 accounts – 772,904,991 breached accounts leaked
·
Verifications.io accounts – 763,117,241 breached accounts leaked
·
Onliner Spambot accounts – 711,477,622 breached accounts leaked
·
Exploit.In accounts – 593,427,119 breached accounts leaked
·
Anti Public Combo List accounts – 457,962,538 breached accounts
leaked
·
River City Media Spam List accounts – 393,430,309 breached
accounts leaked
·
MySpace accounts – 359,420,698 breached accounts leaked
·
NetEase accounts – 234,842,089 breached accounts leaked
·
LinkedIn accounts – 164,611,595 breached accounts leaked
·
Dubsmash accounts – 161,749,950 breached accounts leaked
In related news, cyber-experts
recently warned that hackers could hijack your phone to inflict tinnitus, and even melt your
gadgets using "sonic warfare".
And a shock Instagram
blunder let strangers secretly download your photos, videos and location –
with "millions of users" affected.
Comments
Post a Comment