Hundreds of millions of stolen passwords
All these passwords, which are encrypted at more than 225 million, have already been delivered to the web HaveIBeenPwned. This free online service serves to alert users that their password has been leaked. It is very useful to find possible vulnerabilities in the event that an email account, social networks or any platform on the Internet are unprotected.
These 225 million keys become part of the 613 million passwords already existing in HaveIBeenPwned. Here are included accounts of all kinds, since it affects banks, social networks such as Facebook or Twitter, email, Internet forums … We must bear in mind that for almost everything we use passwords today and vulnerabilities can occur at any time.
Something very common is that a service in which we are registered has a problem and the data is filtered. Basically all passwords are exposed on the network and that means that a hacker can also access them and use them to spoof the identity, reach other contacts, sneak malware …
If you want to check if any of your passwords were inside this server with hacked keys, you can do it easily from the HaveIBeenPwned website. In addition, you can see if any other key, even if it was not part of these 225 million, has been stolen at some point. It is very useful to increase security.
Tips to avoid key theft
Now, what can users do to prevent our passwords from being stolen? It is true that sometimes the problem is in a leak that has occurred in a online service we use. In that case it does not depend only on the user, but we can prevent problems. There are different causes for passwords to end up on the Dark Web.
The most important thing is to use passwords that are strong and complex, as well as unique. We must use letters (both uppercase and lowercase), numbers and other special symbols. All this in a random way and you never have to use it in more than one place, since it can produce a domino effect.
But also, it is interesting that those passwords let’s change them periodically. This is precisely what is going to help so that, in case there is a leak on a page that we use, we can solve the problem and an attacker cannot access the account.
Beyond this, we should also turn on two-step authentication whenever possible. It is an extra security barrier that we are going to add to our accounts. A hypothetical attacker, even if he figures out the password, would need a second step to gain entry.