Mystery cloud storage service exposes 580 million customer passwords – but it might all be OK

Tajammul Pangarkar
Tajammul Pangarkar

Updated · Dec 21, 2021

SHARE:

Scoop.market.us is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.
close
Advertiser Disclosure

At Market.us Scoop, we strive to bring you the most accurate and up-to-date information by utilizing a variety of resources, including paid and free sources, primary research, and phone interviews. Our data is available to the public free of charge, and we encourage you to use it to inform your personal or business decisions. If you choose to republish our data on your own website, we simply ask that you provide a proper citation or link back to the respective page on Market.us Scoop. We appreciate your support and look forward to continuing to provide valuable insights for our audience.

The UK National Crime Agency (NCA) has discovered a database containing more than 585 million stolen passwords and emails, and shared it with Have I Been Pwned? to expand and update its database of breached info. 

Have I Been Pwned? is an online service where people can go to check if their email, passwords or other personal details have been compromised, and even identify in which breach this happened. 

According to the report, the NCA found the database in a “compromised cloud storage facility”:

“Huge amount”

“During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility. Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown,” the organization’s announcement reads.

“The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offenses.”

Of the 585 million passwords that were shared with HaveIBeenPwned, more than 225 million were unique – those he hasn’t seen before. With 613 million credentials already sitting in Have I Been Pwned's database, this launch now brings the total number up to around 847 million.

Creating strong passwords

Cybersecurity experts often claim passwords are one of the weakest security measures in existence, better only than having no password, at all. 

Businesses, workers and individuals are advised to switch to a passwordless method, such as biometrics (fingerprint scanner, facial recognition, or similar), or to deploy multi-factor authentication, either through security keys, a 2FA app, or a token generator. 

Many people still use weak and easy-to-guess passwords, risking their online identities being easily stolen. 

For example, “123Tests” was one of the passwords found in the database. Passwords should always be a combination of uppercase and lowercase letters, numbers and symbols, should not represent anything easily discovered online (a date of birth, the name of a significant other, or a pet, for example), and should never be the same for multiple services. Many experts are recommending password managers as means of creating and maintaining strong passwords.

Source Link Mystery cloud storage service exposes 580 million customer passwords – but it might all be OK

SHARE:
Tajammul Pangarkar

Tajammul Pangarkar

Tajammul Pangarkar is a CMO at Prudour Pvt Ltd. Tajammul longstanding experience in the fields of mobile technology and industry research is often reflected in his insightful body of work. His interest lies in understanding tech trends, dissecting mobile applications, and raising general awareness of technical know-how. He frequently contributes to numerous industry-specific magazines and forums. When he’s not ruminating about various happenings in the tech world, he can usually be found indulging in his next favorite interest - table tennis.

Latest from Author