How to protect yourself from password leaks

A significant security breach has emerged that could affect internet users for many years to come.

Security software company Kaspersky says nearly 10 billion unique passwords have been leaked on a popular forum.

This breach was larger than the RockYou2021 database released in June 2021. This latest database is called RockYou2024.

“This record-setting release of passwords was sourced from decades of data breaches and has the potential to be exploited in future attacks,” says Kaspersky.

“The database, named “rockyou2024.txt” reportedly contains nearly 10 billion unique passwords, collected from thousands of data leaks,” notes Kaspersky.

Experts say this record-setting release of passwords was sourced from decades of data breaches and has the potential to be exploited in future attacks.

According to reports by Cyber News, the latest leak took place on 4 July this year.

ALSO READ: Common tactics used by hackers targeting governments across Africa

How to protect yourself in the aftermath

• Check the breach impact – when a data breach occurs, the first thing a user is advised to do is to check whether their data has been affected. There are modern security solutions, which will enable the detection of leaked data and provide alerts to enhance security measures if necessary.
• Change your passwords as soon as possible – in the event of a data breach, it is essential to change your passwords immediately and consider all other sites where the same password is being used.
• Block and reissue your bank card, if necessary – if payment data was stored by a service that experienced a data breach, it is best to block and reissue a card for added security. Usually reissuing a bank card does not take too much time and effort, therefore preventing a greater inconvenience.
• Install a reliable password manager – a tool like a password manager creates strong passwords and stores them securely in an encrypted vault. Besides, it is enabled to monitor data leaks and check if user’s passwords were compromised.
• Set a two-factor authentication – a recent survey by Kaspersky revealed how easily compromised accounts can be without authentication and strong passwords. To protect an account from unauthorised access, it is highly recommended to set up two-factor authentication. This can be accomplished by receiving a confirmation via SMS, email, or using an authentication app or password manager that generates one-time codes.
• Securely close unused accounts – if there are no plans to continue using a service after a data leak, it is advisable to delete the account and request the complete removal of all collected data by contacting technical support or the address in the Privacy Policy.
• Share only the essential minimum of personal information online – as massive service leaks are not uncommon, it is recommended to minimise information provided to a service. When you register, using a main email address is unnecessary: auto-substitution can be used instead. Additionally, if not required, omit the real name and residence address.

ALSO READ: ‘SA passports among cheapest being sold on dark web’ – study