ALL internet users have been warned over dangerous “credential stuffing” hacks over Christmas.
Cyber-experts have warned of a holiday rise in the attacks – which use leaked passwords to break into your accounts.
When websites leak or are hacked, huge file dumps containing passwords are uploaded online.
Hackers then try these passwords on your other accounts – or other users.
They hope that you’ve re-used your passwords, or have chosen simple and commonly adopted logins.
This gives hackers easy access to your online accounts without having to directly compromise your system.
If hackers can gain access to your Gmail or Outlook with this technique, they could then break into even more accounts.
Cyber-experts at Arkose Labs have warned that there were over 2billion “credential stuffing” attacks during the last year.
And they said that the scale of attacks grew exponentially in recent months – and could peak over Christmas.
Hackers can steal and use your private info, resell it, drain your bank accounts and wreak havoc across your online life.
And there’s an increasing pool of leaked passwords to choose from.
Just days ago, we revealed how a whopping 5.5billion passwords had been hacked – and then logged through HaveIBeenPwned.
The news came after site creator and Microsoft exec Troy Hunt revealed that 225million breached logins had been added to the site.
How to stay safe this Christmas
You can use HaveIBeenPwned to check your own email to see if you’ve been caught up in any leaks.
But remember: even if your email hasn’t been breached, you may be using a simple password that has leaked from someone else.
This could also get you hacked.
And you should consider using a password manager – like Apple’s iCloud Keychain or Google Chrome – to generate strong passwords and be warned of re-used logins.
There’s obviously a huge risk for anyone whose username and passwords from different sites have been hacked.
It’s important to immediately change your log-in details to stay safe.
But even passwords uploaded online without associated usernames can put you at risk.
Read the original article here.
