Stay safe: Massive database of stolen passwords surfaces

Every few months, it seems, a big trove of usernames and passwords surfaces somewhere.

This week it was uncovered by Bob Diachenko of Kromtech Security Research Center. He wrote about a massive trove of emails and passwords appearing online. As Diachenko explains, the database of 560 million emails and passwords may have been curated from other exposures, and some seem years old.

Still, the fact that these emails and passwords are available is cause for concern – especially for those people (you know who you are) who don’t change their passwords or like to reuse their passwords on multiple sites.

How did this database surface?

According to Diachenko, it’s an unsecured MongoDB database. There’s a lesson in that: Everyone needs to understand how important it is to button down cloud databases and cloud environments. One slip and a database is easily accessible from anywhere. That’s no good, and that goes without saying.

If you need a reminder on good password hygiene, be sure to see my post, 5 common password sins that weaken security. The basics are pretty simple: Keep a strong password, don’t share it with anyone and don’t reuse it on multiple websites or services.

It’s also a good idea to not use a publicly known email address or username as the username for secured services. And when a website or service is breached, change that password immediately. In addition to not wanting your password to be easily guessed or cracked, you don’t want bad actors accessing your account when they throw lists of usernames and passwords against online services to see if any stick.

I also recommend password managers, with one condition. Don’t use the form filler plug-ins, as those seem to be an area of weakness for these apps. Stay safe out there!

