Brace yourselves, as the cybersecurity attacks this year are just becoming bigger and more dangerous. In the latest attack, we saw the biggest collection of passwords leaked, with the number reaching as high as 8.4 billion password entries.
A user posted a text file, which contained the passwords, on a popular hacker forum. The working theory right now is that the file contains passwords from previous breaches and leaks.
Now, the author also claimed that the file contains around 82 billion passwords. However, the CyberNews outlet ran tests and proved that the actual number is ten times lower. With that said, the previous largest breach, Compilation of Many Breaches (COMB), contained 3.2 billion passwords.
The RockYou2021 Breach
Speaking of COMB, there’s some speculation that the RockYou2021 breach was actually modeled after it. One of the reasons for that is that the RockYou2021 file contains all the aforementioned 3.2 billion passwords.
Based on that knowledge, the person who leaked all of this information has apparently been collecting and storing leaked passwords over the years. Hence the biggest collection of passwords leaked.
Another thing to note is that the hacker(s) named their breach after the RockYou data breach, which happened back in 2009. In it, cybercriminals made their way into MySpace user pages and widgets. They collected more than 32 million passwords then.
Revisiting the 2021 Breaches
In 2021 alone, we’ve already had our fair share of password breaches, with some of the biggest platforms in the world being compromised.
First, there was a group of North Korean hackers who targeted security experts. They created a fake cybersecurity company, and started their attacks in January, with the whole thing reaching its peak in March. That’s when Google’s TAG identified the website and profiles of the company.
Then, in April, we saw one of the biggest Facebook data leaks in history. A low-level forum had collected and distributed phone numbers, as well as personal data of over half a billion users. Some of the data in question included full names, email addresses, and even locations.
Only a few days after that, someone scraped the LinkedIn archives and tried to sell information gathered from over 500 million profiles. Some of the information the hacker was offering included email addresses, names, phone numbers, and other data.
As Executive Protection professionals, we can no longer sit on the cyber sidelines if we want to truly be effective at protecting our VIPs. This breach and the many other cyber-attacks in 2021 clearly demonstrate an increase in activity. It is therefore critical that those in EP embrace the threats of the digital information age and work to protect against or mitigate them as best as possible.
Developing relationships with your corporate IT security folks and having regular conversations with them is probably a good start. You don’t have to be an IT expert, but you should know who they are in your organization and what issues they’re tracking.
Also, if you want those conversations to be more effective, make sure you educate yourself on some elements of their world and learn some of their language. If you’re looking for a great place to stay on top of cyber issues that relate to Executive Protection, I highly recommend you check out the Cyber Threat and Protection forum on the VIP Local Asset Network (www.viplocalasset.com). – Justin Hanson, CEO SpecVIP Protection Group Inc.
The Biggest Collection of Passwords Leaked — Now What?
As you can probably tell by now, 2021 is the year of cyberattacks, phishing scams, malware, and all things bad. So now, more than ever, it’s important that every person starts taking their online safety and privacy more seriously.
One of the easiest ways to do that is by having good password hygiene and implementing the right practices. That includes using a password manager, making passwords long and complex, and never reusing old ones.
Also, it’s important to do security assessments, and most organizations should consider pen-testing. Finally, in situations like these, having cyber insurance is invaluable.
And if you’re worried that your data was part of the RockYou2021 breach, you can check out the CyberNews data leak checker. It will tell you whether your information is still safe, and how to keep it that way.