With so much news about data breaches, you have to be careful not to panic each time you hear of a new one. Take the latest report of a major breach.
In the headline for a recent story published by Cybernews, the cybersecurity media outlet said that 16 billion passwords were exposed in a record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable. Sounds scary, right? But reading the story itself paints a different picture.
Despite what the headline says, the reported 16 billion passwords didn't come from a single massive data breach. Rather, this is based on 30 different datasets that Cybernews said it's been monitoring since the beginning of 2025.
"Our team has been closely monitoring the web since the beginning of the year," Cybernews said. "So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records."
Further down in the story, Cybernews reveals that the datasets were briefly exposed, only enough for researchers to find them, but not long enough to find the source of the data. Plus, the data itself isn't necessarily new. Cybernews pointed to the datasets as a mixture of information from infostealer malware, credential stuffing sets, and repackaged leaks.
As the leaks come from multiple datasets, there are likely many duplicate records in the mix, which means that the 16 billion number is probably inflated.
Further, Cybernews blamed other media outlets for claiming that Facebook, Google, and Apple credentials were leaked. Bob Diachenko, a Cybernews contributor, cybersecurity researcher, and owner of SecurityDiscovery.com, told Cybernews that there was no centralized data breach at any of those companies. That doesn't mean no credentials for these major tech players were included in the datasets, only that the companies themselves weren't directly breached in these incidents.
Despite the tendency to proclaim that the sky is falling with every report of a data leak, breaches do occur, and they can impact you.
They strike every industry, every sector, and every country. Breach victims can be individuals, small businesses, non-profits, or Fortune 500 companies.
IBM estimates that the average cost of a data breach in 2024 for companies was $4.9 million, a 10% increase from the previous year.
For individuals, the damage can be more personal than figures on a balance sheet. And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. They may also experience anxiety or fear over how their leaked data will be used now and in the future.
Think you've been involved in a data breach? In this guide, we help you find out where and when, and we list the steps you should take next.
Typically, your service provider will contact you through email or letters, explaining that your information has been compromised.
However, companies may take weeks or months to contact you -- if they contact you at all. Unfortunately, many organizations will still prioritize secrecy over consumer protection in a bid to hush up incidents and protect their reputations.
Therefore, it is up to you to keep an eye on the news for any recently disclosed data breaches.
Recent reported data breaches include MCNA Dental, Dish Network, PharMerica, and Capita.
Have I Been Pwned is a search engine that you can use to see if your data has been breached.
Have I Been Pwned, operated by security expert Troy Hunt, is the first resource you should use to find out what data breaches you have been involved in and how extensively your data has been leaked.
The search engine allows you to search either by your email address or phone number and will flag any breaches containing your data when they happen by cross-checking billions of leaked records added to the Have I Been Pwned database.
If you type in your details and are rewarded with a green screen, congratulations, you haven't been involved in any notable data security incidents. However, if your data has been compromised, you will see a screen (shown below) telling you which breaches have impacted you.
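As an added example, not part of the original article: a small Python check against Have I Been Pwned's Pwned Passwords service, which tells you whether a password has appeared in a breach corpus using a k-anonymity range lookup, so only the first five hex characters of the SHA-1 hash ever leave your machine. The endpoint URL and the "SUFFIX:COUNT" reply format are HIBP's documented ones; the sample reply body is constructed so the check runs offline.

```python
from __future__ import annotations
import hashlib
import urllib.request

# HIBP Pwned Passwords range endpoint: only the first 5 hex chars of the
# SHA-1 hash are sent; the reply lists every matching 35-char suffix with
# the number of times that password was seen in breach corpora.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a mapping; tolerates CRLF and blank lines."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix:
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range) -> int:
    """Number of breach occurrences for `password`, 0 if never seen."""
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_online(prefix: str) -> str:
    """Live lookup against HIBP (not used by the offline demo below)."""
    req = urllib.request.Request(RANGE_URL.format(prefix=prefix),
                                 headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the HIBP reply (counts are made up), keyed by prefix.
# SHA-1("password") is 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8.
FAKE_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
             "0123456789ABCDEF0123456789ABCDEF012:2\r\n",
}


def fetch_range_offline(prefix: str) -> str:
    # Any other prefix gets one unrelated suffix, i.e. "not found".
    return FAKE_RANGES.get(prefix, "0" * 35 + ":1\r\n")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, fetch_range_offline))
```

Swap `fetch_range_offline` for `fetch_range_online` to query the live service; a non-zero count means the password should be retired everywhere it is used.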
If you use a password manager, it may offer breach monitoring that alerts you when your passwords are exposed in a data breach. Password managers can periodically check whether your email and password combinations have been posted online or offered on the dark web, and will alert you when they are.
Should you become embroiled in a security incident, check where the compromised password is in use. You should always use different and strong, complex passwords to secure your accounts (another area a password manager can help), and this is why: once one service is compromised, the same password and user combination could lead to an exposed account elsewhere.
Recycled credentials leaked online from company A could be used to access your account from company B, for example.
1Password: an example of how passwords can be kept safe in a management vault.
Credit monitoring services, including Experian and LifeLock, are beginning to integrate data breach monitoring, too, as these situations can result in identity theft -- a criminal act that can severely impact your credit reports and scores. However, unless you have notifications enabled, you may not be warned of any changes unless you have logged in or you have checked your email.
Many credit agencies now also offer data breach monitors on a free or paid plan basis. If a set of credentials belonging to you are found in a new data leak, these organizations will tell you -- allowing you to take action quickly.
Whether or not financial information is involved, if enough personal data is available online, ID theft and fraud are still risks.
Unfortunately, credit monitoring services are now necessary to be alerted to suspicious activity that could place your reputation, finances, and creditworthiness at risk. However, even if you aren't willing to pay for a premium subscription, you should still consider signing up for a free option.
If your payment card details, bank accounts, or other digital financial services have been compromised, call the provider immediately (or freeze your cards using the mobile app, if your app has that feature). You must also inform your bank or financial services provider so they can be on the lookout for suspicious and fraudulent transactions.
What you do next depends on the severity and type of data breach. The likelihood is that you have already had your personally identifiable information (PII) leaked in some form or another online regarding basic details -- such as your name and email address. In this scenario, there is not much you can do.
However, if your online account details have been compromised, whether or not passwords are hashed, you should change them immediately. In addition, if you are guilty (as many of us are) of reusing password combinations across different platforms and services, you should change them immediately.
It's good practice, in any case, to change your online credentials at least every three to six months. Try to improve them with complex combinations. If you're not certain you can remember them, opt for a password manager.
Whenever you can, enable two-factor authentication (2FA) -- especially after you've become a victim of a data breach.
Two-factor authentication implements a second layer of security on your accounts, so if your credentials have been leaked, attackers would also need access to your email account or handset to grab the verification code required to access your account. Granted, 2FA is not foolproof, but it's better than relying purely on a compromised password to protect your privacy.
Consider using a physical security key for any central "hub" accounts, such as your Gmail or Microsoft email address.
A security key is one of the most reliable security options we have today. It might seem backward to use a physical device to secure an online account, but even if an attacker manages to steal credentials, they are denied access without the physical key when they attempt to log in from a new device.
For example, Google's Advanced Protection Program requires members to use a physical key. This used to be quite an expensive investment, so it doesn't hurt that prices have dropped in recent years.
Security keys can take some time to set up, although the process is more streamlined than it used to be. As a tip, I would recommend purchasing a pair of keys so one lives on your desk -- or is with you when you're traveling -- and one stays firmly in a safe place as a backup.
Many vendors are now exploring passwordless authentication. Google announced the implementation of passwordless support for FIDO sign-in standards in Android and Chrome. Apple and Microsoft intend to follow suit.
Instead of relying on old-fashioned passwords and multi-factor authentication codes, consider using a passkey wherever and whenever possible. Beyond being much more secure than passwords, passkeys are generally easier to set up and use.
Developed by the FIDO Alliance, a passkey lets you sign in to an account using a PIN, a biometric method such as facial or fingerprint recognition, or a physical security key. Because that passcode is tied to you, you're able to use it to sign in to the same account everywhere. Passkeys are automatically generated when you choose that option at a supported website. They can also eliminate or reduce the need for MFA codes.
On the downside, passkey support is still limited, although more companies are joining the bandwagon. But if your favorite website offers passkeys as an option, you'll definitely want to consider them as a way to escape the burdens of the much-hated password.
According to IBM, the most common initial attack vector cyberattackers use to break into a company's network is the use of compromised credentials.
These credentials can include account usernames and passwords that are leaked online, stolen in a separate security incident, or obtained through brute-force attacks, in which automatic scripts try out different combinations to crack easy-to-guess passwords.
Other potential attack methods are:
If you've been involved in a data breach as a user or customer, your records may have also been exposed, stolen, or leaked online.
Your personally identifiable information, including your name, physical address, email address, work history, telephone number, gender, and copies of documents such as passports and driving licenses, can all be used to conduct identity theft.
ID theft is when someone uses your information without permission to pretend to be you. They may use your identity or financial data to conduct fraud and commit crimes. This can include tax fraud (such as refunds sent to a cybercriminal's account rather than yours), opening up lines of credit and loans in your name, medical fraud, and making fraudulent purchases online.
Criminals may also telephone a company you use, such as a telecoms provider, and pretend to be you to dupe customer representatives into revealing information or making changes to a service, such as in the case of SIM-swapping attacks.
These scenarios can impact your credit score, make you financially responsible for a loan or payment you didn't agree to, and lead to serious stress and anxiety in cleaning up your name and finances. As cybercrime is a global problem, it can be extremely difficult for law enforcement to prosecute the perpetrators.
Blackmail, too, can be a factor. When extramarital affairs website Ashley Madison experienced a data breach in 2015, some users were contacted by cybercriminals threatening to tell their partners, friends, and colleagues about their activities unless they were paid.
The attacker may conduct surveillance first, mapping a network to find the most valuable resources or to discover potential pathways to jump into other systems.
The majority of data breaches are financially motivated. Attackers may deploy ransomware to blackmail their victims into paying up to regain their access to the network. In so-called "double-extortion" tactics, hacking groups may first steal confidential information and then threaten to leak it online.
Alternatively, some may grab and go, stealing the intellectual property they came for and then erasing their tracks. Others may test their access point and sell it to other cyberattackers via the dark web.
In some cases, network intrusions are for one reason alone: to disrupt services and damage a company.
Some miscr...