Stay safe: Massive database of stolen passwords surfaces


Every few months, it seems, a big trove of usernames and passwords surfaces somewhere.

This week it was uncovered by Bob Diachenko of Kromtech Security Research Center. He wrote about a massive trove of emails and passwords appearing online. As Diachenko explains, the database of 560 million emails and passwords may have been curated from other exposures, and some seem years old.

Still, the fact that these emails and passwords are available is cause for concern – especially for those people (you know who you are) who don’t change their passwords or like to reuse their passwords on multiple sites.

How did this database surface?

According to Diachenko, it’s an unsecured MongoDB database. There’s a lesson in that: Everyone needs to understand how important it is to button down cloud databases and cloud environments. One slip and a database is easily accessible from anywhere. That’s no good, and that goes without saying.

If you need a reminder on good password hygiene, be sure to see my post, 5 common password sins that weaken security. The basics are pretty simple: Keep a strong password, don’t share it with anyone and don’t reuse it on multiple websites or services.

It’s also a good idea to not use a publicly known email address or username as the username for secured services. And when a website or service is breached, change that password immediately. In addition to not wanting your password to be easily guessed or cracked, you don’t want bad actors accessing your account when they throw lists of usernames and passwords against online services to see if any stick.

I also recommend password managers, with one condition. Don’t use the form filler plug-ins, as those seem to be an area of weakness for these apps. We covered the pros and cons of password managers here.

Stay safe out there!
