Security breaches put the credentials of millions of users at risk across a large number of services. Unfortunately, they are more common than you would expect. Today it has been discovered that 770 million email addresses and more than 21 million unique passwords have been leaked in one of the biggest breaches in history, called Collection #1.
“The page Have I Been Pwned allows us to know if our emails and passwords have been leaked in a computer attack on a web page.”
This has been reported by Have I Been Pwned, a very useful website that lets you know if your credentials have been leaked in a security breach. It is very easy to use: you just have to enter your email address, and the page indicates whether it is safe or not. If not, it will indicate in which breach the credentials were exposed.
This does not necessarily mean that cybercriminals have your email address and the means to access it. For example, if our account appears as compromised in Adobe’s 2013 breach, it means that our credentials for that service were exposed along with another 153 million at that time.
In this particular case, the passwords were encrypted, but the data necessary to decrypt them was also included. The problem, following the Adobe example, arises if the password is the same as the one used in other services. In that case, cybercriminals could try those credentials on as many services as they could think of, and eventually gain access to some.
Another problem is the similarity between passwords that follow a pattern. If, for example, our password is “12345Adobe”, the attackers could try variations of that password such as “12345Facebook”.
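As an added example (not part of the original article), the following Python sketch audits a user's own list of passwords for the two risks described above: the same password on several services, and passwords that differ only by the service name embedded in them. The function names and the sample vault are constructed for illustration.

```python
import re

def strip_service(password: str, service: str) -> str:
    """Remove the service name (any case) from a password, leaving the reused base."""
    return re.sub(re.escape(service), "", password, flags=re.IGNORECASE)

def audit_passwords(vault: dict) -> list:
    """Return (service_a, service_b, reason) for every risky pair in the vault.

    reason is "identical" when both services share the same password, or
    "pattern" when the passwords differ only by the embedded service name.
    """
    findings = []
    services = sorted(vault)
    for i, a in enumerate(services):
        for b in services[i + 1:]:
            pa, pb = vault[a], vault[b]
            if pa == pb:
                findings.append((a, b, "identical"))
                continue
            base_a, base_b = strip_service(pa, a), strip_service(pb, b)
            # Count it as a pattern only if the service name was really
            # embedded in both passwords and the remaining base matches.
            if base_a != pa and base_b != pb and base_a.lower() == base_b.lower():
                findings.append((a, b, "pattern"))
    return findings

# Constructed sample vault (service name -> password), not real credentials.
SAMPLE_VAULT = {
    "Adobe": "12345Adobe",
    "Facebook": "12345Facebook",
    "Forum": "12345Adobe",      # exact reuse of the Adobe password
    "Bank": "v9#Lq2!xTe7w",     # unrelated password, should not be flagged
}

if __name__ == "__main__":
    for a, b, reason in audit_passwords(SAMPLE_VAULT):
        print(f"{a} / {b}: {reason}")
```

Any pair the audit reports means that a breach of one of the two services also exposes the other, so both passwords should be replaced with unrelated ones.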