• Welcome to Peterborough Linux User Group (Canada) Forum.
 

A hacker just leaked 10 billion passwords

Started by ssfc72, July 07, 2024, 09:05:33 AM


ssfc72

Mint 20.3 on a Dell 14" Inspiron notebook, HP Pavilion X360, 11" k120ca notebook (Linux Lubuntu), Dell 13" XPS notebook computer (MXLinux)
Cellphone Samsung A50, Koodo pre paid service

Jason

#1
Thanks for sharing, Bill. I meant to post about this.

The headline overstates the impact as the dump isn't all new passwords: most aren't. Most are from an earlier list that grows with each new smaller leak. But it's still good to remain vigilant! The article is more aimed at people who are using weak passwords. Don't be one of them!

Unless you've been using weak passwords, changing them isn't necessary. The leak is gargantuan unless compared to the number of possible strong passwords. For example, Diceware uses a word list of 7776 passwords. Randomly use only three of them and you have over 470 billion unique passwords! Bill's linked article has some good recommendations on strong passwords. Go for length (16 characters or more). Complexity isn't as important. A password consisting of 8 random characters isn't good enough. You're not going to remember all these passwords. So, use a password manager and you only have to remember one.

Regardless, the leaked list wouldn't be used to brute force websites. Websites won't allow the bad guys to attempt billions or even millions of passwords. It is used by bad actors offline who compare it against stolen password hashes. Passwords aren't stored on most websites; the hashes are. Reverting hashes to passwords is impossible unless you compare them to a list of commonly used passwords.

In a brief article, Malwarebytes notes:

Quote: To cut a long story short, if you don't reuse passwords and never use "simple" passwords, like single words, then this release should not concern you. If you use multi-factor authentication (MFA), and you should everywhere you can, there's also no reason to worry about this.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB NVMe and a GeForce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13
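
The two points in the reply above (the size of the Diceware keyspace next to a 10-billion-entry list, and leaked lists being compared offline against stored hashes) can be worked through as an added example; it is not part of the original post. It is written as an administrator's audit of their own user table, and the unsalted SHA-256 storage, the account names and the four-entry list are constructed assumptions.

```python
import hashlib
import math

DICEWARE_WORDS = 7776        # word-list size quoted in the post
LEAK_SIZE = 10_000_000_000   # "10 billion" from the thread title


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets when every position is picked at random."""
    return symbols ** length


def bits(space: int) -> float:
    """Entropy in bits of a uniformly random choice from `space` options."""
    return math.log2(space)


def max_coverage(list_size: int, space: int) -> float:
    """Upper bound on the share of `space` that a list of `list_size` entries can hold."""
    return min(1.0, list_size / space)


def audit(stored: dict, leaked: list) -> list:
    """Return accounts whose stored hash equals the hash of a leaked password.

    Assumes unsalted SHA-256 storage (a constructed worst case). A per-user
    salt and a slow KDF make each comparison far more expensive.
    """
    leaked_digests = {hashlib.sha256(p.encode()).hexdigest() for p in leaked}
    return sorted(user for user, digest in stored.items() if digest in leaked_digests)


# Constructed sample data: a tiny stand-in for the leaked list and a user table.
LEAKED_SAMPLE = ["123456", "password", "qwerty", "letmein"]
STORED = {
    "alice": hashlib.sha256(b"letmein").hexdigest(),
    "bob": hashlib.sha256(b"maple-orbit-trellis-quartz").hexdigest(),
}

if __name__ == "__main__":
    for words in (3, 4, 5, 6):
        space = keyspace(DICEWARE_WORDS, words)
        print(f"{words} words: {space:,} phrases, {bits(space):.1f} bits, "
              f"list covers at most {max_coverage(LEAK_SIZE, space):.2e}")
    print("accounts to force-reset:", audit(STORED, LEAKED_SAMPLE))
```

Each extra Diceware word multiplies the keyspace by 7776, so the share a fixed-size list can cover shrinks by the same factor with every word added.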