Stealing personal data through a laptop concept for computer hacker, network security and electronic banking security

42 million usernames and passwords found in files on freehoster

Have you ever wondered were all the personalized phishing mails come from? Or where cybercriminals might know your name, username, and password from? While most of it comes from data breaches (and there are a lot of them) and are sold on the Darknet, some criminal entities apparently like to share the valuable information with everyone.

755 files, 1.8GB of data

According to Troy Hunt from troyhunt.com a huge file dump with lots of data was found on the free, public, anonymous hosting service Kayo.moe. They files contain information like email addresses, clear-text passwords, partial credit card data, Spotify details, and different logs.

Source: troyhunt.com

If you are thinking that there was an enormous data breach somewhere, hold your horses. Apparently the files were not stored in a unified file format and even the Spotify details don’t mean that the music streaming service was hacked. All in all everything indicates that this is just a very huge collection of user data from different sources, conveniently packed for some cybercriminals to be used in their next endeavors.

Dangerous for everyone

Now a lot of people might wonder who is at risk and why breaches – or even only data collections like this one – are dangerous. The reason: Password re-usage. A lot of people are lazy and reuse their passwords for several accounts. This is basically exactly what cybercriminals are hoping for. They will just try and enter the username/password combination at a lot of different well known services in order to break into the accounts and wreak havoc.

Was my account in the mix?

42 million records is a lot. Not all of them are new though: According to troyhunt.com 93% of the data in the files were already in databases like the one of the Identity Scanner and similar services. Nonetheless you should make sure that your user information is not among them. To do so:

If you see the message “Your personal data has been compromised” you should take action immediately.

Change your passwords – NOW!

Your password was in a recent (or not so recent) data breach? Then you should change it immediately by following the below security tips:

If you have trouble coming up with a good, strong, and complex enough password you can always use a good Password Manager to help you out.

 

Exit mobile version