- QAnon believers link small-town arrest to deep state conspiracy without evidence 3 Months Ago
- Instagram photos showing prison conditions spark massive protest 3 Months Ago
- ‘Gay rat wedding’ headline sparks amazing new meme Today 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Today 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Today 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Today 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Today 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Today 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Today 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Today 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Today 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Today 9:57 AM
- 47 House Democrats sign criticized net neutrality working group letter Today 9:17 AM
- How ‘and I oop’ became the perfect reaction meme for shocking developments Today 8:47 AM
- Netflix’s ‘The Perfection’ is a totally unhinged, WTF horror film Today 8:00 AM
How to protect yourself from the data breach that affected 744 million accounts
WikiMedia Commons (CC-BY)
Take action now.
A hacker who made headlines this week for selling the details of more than 617 million accounts on the dark web has obtained 127 million more, bringing the total number of hacked accounts to 744 million.
As first reported by the Register Monday, the initial 617 million records, obtained from 16 hacked websites, are currently for sale on a dark web marketplace for $20,000 in bitcoin. The affected websites listed by the hacker are Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data, depending on the website it was acquired from, includes everything from names, email addresses, and passwords, as well as location information and social media authentication tokens. The Register notes, however, that the passwords appear to be hashed, meaning they must be decrypted before being used, and that no financial information was among the data.
The second data set, reported on by TechCrunch Thursday, includes 127 million records from an additional eight websites. Those services are Ixigo, YouNow, Houzz, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. Some of the websites, including Ixigo and PetFlow, used outdated algorithms to scramble and store passwords, meaning hackers will have little difficulty in cracking them open.
Although information from each website is being sold separately, the total asking price for the second data set is roughly $14,500 in bitcoin.
Several of the companies listed among the 744 million records have confirmed breaches, leading experts to conclude that the data is genuine. Anyone who has ever had an account with any of the aforementioned services is advised to change their passwords. Given that many individuals reuse passwords, hackers will undoubtedly test the hacked login credentials on other services such as Gmail and Facebook as well.
Users should also enable two-factor authentication on all services where it’s available, which will protect them even if their password is stolen. Using a password manager, which allows you to create and store unique and strong passwords, can also protect users against issues related to password reuse. For added protection, sign up for the free service from HaveIBeenPwned, a website which will alert you when your email shows up in a data breach.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.