Stolen Passwords of 244 Million Individuals Exposed on Criminal Platform: Check if Your Credentials Are Involved
In the wake of the chilling revelation that an astronomical 284,132,969 user accounts were swiped from a notorious cybercrime forum, Troy Hunt, the proprietor of Have I Been Pwned, sounded the alarm on February 25. This sinister crime forum, named ALIEN TXTBASE, had amassed a titanic corpus of 1.5TB, brimming with 23 billion rows of sensitive data, thereby expandingly augmenting Hunt's ever-expanding database of compromised passwords.
Specifically speaking, this latest pillage resulted in the addition of 244 million heretofore unseen passwords to Pwned Passwords, the publicly-accessible repository of leaked passwords, exacerbating the damage from another 199 million passwords already within the database.
ALIEN TXTBASE seemed to operate as a Telegram channel, a platform that has garnered growing concern in recent years due to its ease of use by organized crime to scatter confidential information while maintaining anonymity. Hunt was given access to a scant 36 million rows of the forum's data, tantalizing the teaser-seeker with a full access subscription offering the comprehensive treasure trove.
Analytical scrutiny of the data suggested that it emanated from malicious software known as infostealer malware, which surreptitiously collects login credentials on infected devices before transmitting them to computerized black markets. The logs amassed by these malware infections are then traded in cybercrime marketplaces, where they can be exposed to the public domain.
To determine if your passwords are involved in this recent mega-breach, simply pay a visit to the Have I Been Pwned website at https://haveibeenpwned.com/. Once there, click the "Passwords" tab, and input a partial SHA-1 hash of your password into the search field. Various online resources, such as HIBP's password hash generator, can help generate the hash without compromising your password. Should your password be found in the database, it is a grim reminder to update your password and enable two-factor authentication to bolster your security provisions.
- The data breach from ALIEN TXTBASE added 244 million new passwords to Troy Hunt's Have I Been Pwned database, further increasing the number of compromised passwords in the Pwned Passwords repository.
- After the data breach, users are urged to check if their passwords have been involved in the incident by visiting the Have I Been Pwned website at https://haveibeenpwned.com/.
- HIBP's password hash generator is one of the online resources that can help generate a partial SHA-1 hash of your password without exposing it, allowing you to check if it's in the database.
- The data from ALIEN TXTBASE suggests that the sensitive information was collected by infostealer malware, which secretly gathers login credentials from infected devices before transmitting them to computerized black markets.
- The data breach at ALIEN TXTBASE, a Telegram channel, highlights the platform's growing concern in recent years for its ease of use by organized crime in disseminating confidential information while maintaining anonymity.
- The transmitted login credentials from infostealer malware infections are then traded in cybercrime marketplaces, where they can potentially be exposed to the public domain, leading to further password thefts.
- To bolster security measures, users who find their passwords in the compromised database should update their passwords and enable two-factor authentication to mitigate potential data breach risks.
This password hashing SHA-1: 56cdc715e62e651fe685e851f85bc2ec was also found in the database, which is linked to the 'aussiedlerbote' source.
