Why you could be the next online hacking victim
SEXTORTION, theft, and fraudulent transactions are expected to soar this year after the publication of 2.2 billion passwords in an act cyber security experts say was most likely the work of organised criminal gangs.
Password packages, which include credentials stolen in new and existing online hacks of everything from email accounts to online shopping sites, are being sold to fledgling hackers for as little as $US45 ($64). Research shows almost two in every three internet users could be at risk of a digital break-in.
Security experts and the official Australian Cyber Security Centre say there are still ways individuals can avoid having their personal information and accounts compromised by the massive data theft, but swift action is required.
The latest leaks, known as Collections #2-5, include more than 25 billion user records and 2.2 billion usernames and passwords, some in plain text, ready to be exploited.
LogMeIn chief technology officer Sandor Palfy said the "colossal" nature of the latest data dump made the previous leak, known as Collection #1, "seem like a drop in the ocean by comparison".
But Global Village Transformations digital strategic adviser Dean Carlton said one of the most disturbing factors was that the data had been packaged into collections and sold to potential hackers on internet forums.
Mr Carlton said criminals were charging just $US45 for each password package, and that the sales would undoubtedly lead to more online theft if users didn't urgently change compromised details.
"Hackers might try to get into your bank account, some of them will try to break into PayPal, and then there's adult sites," he said.
"Some criminals will do something called 'sexploitation,' where they don't even need to know what you've been looking at but they'll use the fact you've got a password to an adult site to start the blackmail process."
Blackmail emails will demand ransoms in Bitcoin or other cryptocurrencies, Mr Carlton said, after threatening to expose a victim's online activities.
The Australian Cyber Security Centre confirmed the release of Collections #2-5 on the Dark Web, and head Alastair MacGibbon said Australians should change their passwords and avoid reusing "passwords and email addresses across multiple sites" to avoid theft.
A new survey by Google and Harris Poll revealed the practice was common, with 65 per cent of internet users admitting to reusing the same passwords and, worryingly, 13 per cent of users employing just one password for all online services.
University of Adelaide senior research fellow Dr Malcolm Pattinson said anyone using "the same password for Facebook as the Commonwealth Bank" should stop immediately, and conduct a personal password audit.
Dr Pattinson also advised internet users to check if their passwords had been compromised using verified online tools, employ a password manager, or keep an encrypted document with hints to secure passwords.
WHAT TO DO NEXT
- Check your email address at haveibeenpwned.com to see if it is included in Collection #1
- Check your email address at Identity Leak Checker (https://sec.hpi.de/ilc/search) to see if it was compromised in Collections #2-5
- Change any password you've used across multiple accounts
- Employ a password manager such as 1Password, LastPass, or Apple iCloud