- Is Trump defiling the U.S. flag in this MAGA dude’s artwork? Sunday 4:41 PM
- White woman claims she invented sleep bonnets, selling them for $100 Sunday 4:03 PM
- Even real cats are transfixed by the enigma that is the ‘Cats’ trailer Sunday 3:04 PM
- Wait, how tall is Peppa Pig? Sunday 1:55 PM
- Twitter suspends Iranian state media outlets for harassing members of a religious minority Sunday 1:06 PM
- Pro-MAGA pageant queen stripped of title over ‘offensive’ tweets Sunday 11:52 AM
- Marvel unveiled its Phase 4 plans at San Diego Comic-Con Sunday 9:16 AM
- How a queer Instagram is helping fight the opioid epidemic in Appalachia Sunday 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
How to protect yourself from the data breach that affected 744 million accounts
WikiMedia Commons (CC-BY)
Take action now.
A hacker who made headlines this week for selling the details of more than 617 million accounts on the dark web has obtained 127 million more, bringing the total number of hacked accounts to 744 million.
As first reported by the Register Monday, the initial 617 million records, obtained from 16 hacked websites, are currently for sale on a dark web marketplace for $20,000 in bitcoin. The affected websites listed by the hacker are Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp.
The data, depending on the website it was acquired from, includes everything from names, email addresses, and passwords, as well as location information and social media authentication tokens. The Register notes, however, that the passwords appear to be hashed, meaning they must be decrypted before being used, and that no financial information was among the data.
The second data set, reported on by TechCrunch Thursday, includes 127 million records from an additional eight websites. Those services are Ixigo, YouNow, Houzz, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, and PetFlow. Some of the websites, including Ixigo and PetFlow, used outdated algorithms to scramble and store passwords, meaning hackers will have little difficulty in cracking them open.
Although information from each website is being sold separately, the total asking price for the second data set is roughly $14,500 in bitcoin.
Several of the companies listed among the 744 million records have confirmed breaches, leading experts to conclude that the data is genuine. Anyone who has ever had an account with any of the aforementioned services is advised to change their passwords. Given that many individuals reuse passwords, hackers will undoubtedly test the hacked login credentials on other services such as Gmail and Facebook as well.
Users should also enable two-factor authentication on all services where it’s available, which will protect them even if their password is stolen. Using a password manager, which allows you to create and store unique and strong passwords, can also protect users against issues related to password reuse. For added protection, sign up for the free service from HaveIBeenPwned, a website which will alert you when your email shows up in a data breach.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.