In January 2019, dozens of media outlets raised the alarm of a new mega-breakthrough that resulted in some 773 million stolen users and passwords, which were breathless from a collection of stolen names in history. Subsequent verification by KrebsOnSecurity quickly determined that the data was many years old, and that this was just a compilation of the credentials from the data, which is mostly publicly available. Visit site Outsource hosting support. Earlier today, the Ukrainian government said that it had detained a suspect in this case.
The Ukrainian Security Service (SBU) on Tuesday announced the detention of a hacker known as Sanix from the hacker’s area. The SBU reported that databases with logins and passwords to mailboxes, PIN codes in cards, electronic crypto currency wallets, PayPal accounts, as well as information about hacked computers for use in botnets and for organizing distributed denial of service (DDoS) attacks were found in Saniks’ bank computer records.
Objects seized by SSU authorities after a raid on Saniks residence. Image : SSU.
Last year Saniks became famous for publishing a compass on hacker forums that he sells a password dump that is 87 GB marked Collection #1. Shortly after his first to find out the sale was detailed by Troy Hunt, who runs the HaveIBeenPwned notification service, KrebsOnSecurity contacted Sanix to find out what the fuss was. From that story:
Sanix said that Collection#1 consists of data taken from a huge number of compromised sites, and that was not exactly a fresh suggestion. Rather, he sort of took me out of this archive, assuming that – unlike most things – Collection#1 had at least 2-3 years. His other password packets, which, he said, not all depicted in the picture above the whole screen 4 by less than a year,” explained Sanikser.
Alex Holden, chief technology officer and founder of Hold Security, a Milwaukee-based one-man company, said Sanixer’s claim of dishonor was simply for revealing the data from Combined 1, which was just one of many account repositories combined by other cybercriminals.
Even more common today are new and old broken mandates,” Holden said. In fact, a large number of stolen credentials have been in existence since 2013-2014,” Holden said. Even the original original attempt to sell Yahoo violation data was a large mixture of several previous unrelated violations. Collection #1 was one of many account collections issued by various cybercriminal gangs.
Sanix was a far cry from the criminal mastermind and left a long trail of leads that made the almost childish game to track down hacker aliases to the life of a young man in real, his, located in the city’s clues to the west of the area.
However, it is possible that the Ukrainian Security Service detained Saniks for reasons other than the fact that he was selling Collection 1. According to Intel 471, a cyber-intelligence firm, Sanix remained quite the salesman of credentials that would allow for remote access to resources in several major busy areas. For example, as recently as earlier this month, Intel 471 discovered that Sanix was selling access to nearly four dozen worldwide, as well as university VPN accounts to the government of San Francisco, California.
KrebsOnSecurity is covering Sanix’s detention, primarily to close the loop in an incident that has attracted incredible international attention. But it’s also another one to remind readers of the good hygiene of passwords. The main reason so many accounts are compromised is that too many bad people have a habit of choosing electronic passwords, reusing email addresses on multiple sites when, and not taking advantage of multifactor authentication when it is available.
Of course, the most important passwords are those that protect our mailboxes. This is because in almost all cases the person who controls that email address can reset any service or account associated with that email address – simply by requesting a link to reset the password to the email. See the section Value of a Cracked E-mail Account for more information on this dynamic.
Your e-mail may be worth a lot more than you think.
And instead of thinking about passwords, think about unique, long passphrases – word collections in the order you can remember – when you can use them. In general, a long, unique passphrase takes much more effort to crack than a short, complex passphrase. Unfortunately, many sites will not allow users or passphrases, passwords exceed a small number of characters, or else they will allow long passphrases, but ignore everything that happens when the number of characters is reached.
If you are the kind of person who likes to reuse passwords, then you definitely need to use a password manager that will help you pick up both the essence and the unique passwords/passwords and, strong and, will allow you to use both the same master password/password on all web one.
Finally, if you haven’t done this recently, go to twofactorauth.org and see if you’re taking full advantage of the most multi-factor strong sites you trust with your data. The beauty of multifactoriality is that even if thieves manage to steal your password because they’ve cracked some website, it’s useless for them to steal the password if or not be able to compromise that factor – whether the phone is mobile guessing, the phone number is just the key and. Not to mention that these additional security methods are not compromised (this is absolutely true), but they are definitely better than just using a password.