In a shocking development, Cybernews recently found a cache of exposed stolen login credentials.

These credentials were real, and there was a surprising number of them. Some 16 billion login credentials were exposed – 16 billion! That’s a number that isn’t comprehensible. It’s a number you hear on the news, usually in a science segment or in a finance segment talking about the ultra-wealthy.

The exposed dataset wasn’t available for very long, but the researchers were able to examine it before it disappeared. This dataset contains stolen login credentials, mostly gained via malware. The credentials came from everywhere – from websites around the world, including popular websites and cloud services.

It turns out there is no need to panic: it’s understood that some or all of the data in the dataset is not new but is a compilation of data from earlier breaches and infostealers. Scant comfort is better than no comfort, but it does expose a bigger issue.

When news of this treasure-trove of login credentials hit, there was a marked lack of reaction from the public. Sure, scepticism of the discovery happened quickly – many security experts feel that this was a bit of a case of crying wolf. But the initial reaction by the public was to shrug.

After all, how many times can a person’s login credentials get stolen? How many times should an individual go through the cumbersome process of updating passwords? Especially when it seems like there are more breaches every day. Keeping track of which breaches impact which credentials and then making the necessary changes begins to look like a Sisyphean task.

Cybersecurity fatigue is real

The public is becoming increasingly numb to cybersecurity incidents. Reminders to update passkeys, use password managers, avoid reusing passwords, and enable multi-factor authentication are a constant drumbeat.

With every hysteria-filled announcement of yet another breach that spills user data and login credentials, more people tune it out as background noise. Unless there is personal experience like a bank account or social media getting hijacked, it’s not hard to understand why they tune out.

People acknowledge the facts and the inconvenient best practices intellectually, but rarely understand them emotionally well enough to make actual changes to their habits.

Get a password manager

The ugly truth: good cybersecurity is difficult, even when just talking about logins and passwords. It’s time people acted on the cybersecurity best practices that they keep hearing about. Here’s your call to action – get a password manager.

Then use long, randomly generated passwords. Every login should have its own password, with no repeating of passwords. Give up on the idea that you can enter a password from memory; those days are over. A password manager is required to generate and store these passwords, as well as enter them when it comes time to log in. Lastly, that password manager needs to work across every platform you use, be it Apple (phones, tablets, Macs), PC, Android, and/or Linux.

There is a small learning curve – using a password manager requires effort and changes how you log in – but these programs are designed to be easy to use. Changing habits is hard, and not being able to just instantly enter a memorized password feels frustrating at first. But long term it’s worth it. These breaches are NOT going to stop, and the spread of AI may speed up the number of cybersecurity incidents.

How to avoid stolen credentials

However, there needs to be a reckoning to correct old thinking and ideas. Let’s take a look:

• Password managers are not hard or scary – they are designed for ease of use and there are tons of tutorials.

• Password re-use is a vulnerability, no matter how easy it makes things.

• Never having been a victim of a cybersecurity breach, or not knowing anyone who has been, doesn’t mean the threat isn’t real.

• This isn’t about having perfect security. It’s about protecting yourself and limiting damage if a breach occurs, just like locking your doors and putting your blinds down at night. Take the plunge yourself, get a password manager, then show a friend that it isn’t that hard and, in the end, never forgetting a password is a time-saver too!