Passwords Leaked: A file with around 10 billion (1,000 crores) passwords was leaked via an online hacking forum, according to a report by Semafor. The compilation, which included old and new password breaches, was posted online on July 4 and is the largest such leak yet, the report added.
Semafor report noted the risk of credential stuffing attacks being enabled by the massive leak. This concern is grave because the leak's nature gives hackers a single searchable file to sift through user data.
Credential stuffing refers to hackers using a user's breached password to break into multiple accounts linked to that same user. For example, user A's password for their email could be used to break into their bank account. Cybernews reported that credential-stuffing attacks compromised users across platforms such as AT&T, Santander Bank, Ticketmaster and 23andMe, among other businesses.
The report also referred to an International Monetary Fund (IMF) report and a Lancet Journal study to note that malicious cyberattacks have doubled globally since 2020, with the financial (20,000 cyber attacks since 2020) and healthcare sectors taking the brunt of such attempts.
A Forbes report, however, provided some relief for worried netizens — the sheer size of the leak may make the file unusable. One analyst said, “I know this might sound funny, but what’s an extra 1.5 billion passwords?”
The report also noted that simply having more passwords leaked does not increase the likelihood of cyber attacks increasing — but it does point out the "glaring holes" in online security.
