Earlier this week, security research center Mackeeper reported that a database containing more than 560 million emails and passwords has been dumped on the internet.
Hosted on a cloud-based IP, the database is over 75 gigabytes in size and has been collected from a variety of previously leaked sets of data, including leaks from LinkedIn, Dropbox, Lastfm, MySpace, Adobe, Neopets, RiverCityMedia, 000webhost, Tumblr, Badoo, Lifeboat and others.
Mackeeper experts have emailed the hosting provider to shut down the leak. They also advise internet users to change their passwords.
"The lesson here is simple: most likely, your password is already there and somebody might be trying to use this just now," Bob Diachenko wrote in a blog post on Tuesday.
"Databases get leaked on the internet all the time, but this one is larger and more accessible than any of the previous ones. It's a summary of pretty much any leak that hackers could have gotten their hands on separately over the past couple of years, neatly summarized in one easily accessible form," Nohl said.
Nohl warned that hackers will try to use the passwords to break into different accounts, since internet users tend to use the same password for multiple internet accounts.
"Criminals will try those passwords all over the internet. They'll try to use your Uber account, they'll try to log into your Paypal. Wherever there's a little bit of money to be made, they'll abuse it."
"So, this really impacts everybody who shares passwords across different websites, which to be honest is everybody, we all do it," Nohl said.
Having a strong password is a safeguard against it ending up in a leaked database, since websites usually store a "password hash," an obfuscated version of the password rather than its exact form. If the password is complicated then this hash is difficult to decipher and hackers still won't be able to figure out the password.
"If you have chosen a very strong password, something with completely chaotic characters, special characters and so forth, then you probably won't end up in these databases."
"The same challenges – installing updates and keeping passwords complex – become more and more challenging for every individual. As we derive more usefulness from all these electronics, we'll have to budget a little bit of time every month or every couple of months to install patches, change passwords if there's any risk of them having been leaked on the internet. So we all have to grow up to this responsibility of using the internet and protecting our own information."
Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed!