"Compromised passwords", the iPhone and Chrome alert: that's why it's better to change them

Time: 06/Nov By: kenglenn 662 Views

"Compromised passwords", the iPhone and Chrome alert: that's why it's better to change them - Cyber ​​Security 360

These days, many security alerts are arriving on iPhone and Chrome suggesting users to change their passwords as they are compromised: in fact, criminal hackers are taking over the stolen credentials collected in the RockYou 2021 archive available online. Let's be careful

06 Jul 2021Paolo TarsitanoEditor Cybersecurity360.it

Security alerts on iPhone and Chrome are increasing these days, suggesting users to change their passwords as they appear to be compromised following recent massive data breaches.

Let's not underestimate the alarm, because the risk that someone will be able to access our accounts and steal our identity is really very high.

Topics index

Passwords compromised, because iPhone and Chrome ask us to change them

In particular, users are receiving numerous push notifications on their iPhone or in the Chrome browser generated by the password monitoring systems integrated into latest versions of iOS and Chrome.

WHITEPAPERThreats to infrastructure: how to secure yourself? A guide for IT ManagersSecurityNetwork SecurityDownload the Whitepaper

If users have this feature enabled, the password monitoring system will always look for matches between the passwords used by the users themselves and those that have been leaked online, alerting them if there is a a problem.

RockYou 2021: the largest archive of stolen passwords

The origin of the compromise of so many passwords dates back to the first days of last month of June, when on a popular underground forum was published what , quite possibly, is the largest online archive of stolen passwords: it has been renamed RockYou 2021 (to differentiate it from a previous version published in 2009) and it is a 100 gigabyte text file containing 8.4 billion passwords (for exactness: 8,459,060,239 unique entries) that are alleged to have been "collected" in connection with old online account breaches and now grouped into a single list.

“Passwords compromised”, the warning iPhone and Chrome: here's why it's better to change them

According to the author of the hacker forum post, passwords in the RockYou 2021 archive are 6 to 20 characters long, with non-ASCII characters and whitespace removed.

Cybernews security experts have also verified that the 3.2 billion passwords of the Compilation of Many Breach (CoMB) are also included in the RockYou 2021 archive. And, probably, also the 32 million passwords contained in the RockYou archive and stolen from the servers of a well-known social app as they are stored unencrypted.

Why it is important to change compromised passwords immediately

In the light of the above, it is clear that we must not underestimate or, even worse, ignore the alert messages displayed by the iPhone or Chrome (even Firefox , in the latest versions, has integrated the Lockwise function which continuously checks for a possible match between user passwords and those made public online in hacking forums).

The problem of having your accounts compromised is further exacerbated if the same password is reused to access different accounts: using credential stuffing or password spraying attacks (an attack technique that attempts to access large number of accounts using a few commonly used passwords), in fact, criminal hackers could theoretically gain access to billions of online accounts.

Considering the fact that around 4.7 billion people are online worldwide, it is easy to assume that the RockYou2021 archive potentially includes the passwords of the entire global online population. For this reason, users are advised to immediately check if their passwords have been included in the leak.

Basic rules for creating secure passwords

Regardless of whether or not your password appears among the compromised ones contained in the RockYou 2021 archive, it is always good to apply the basic rules for creating a password secure and protect it from any type of attack:

  1. first of all, the password must always be different, at least 12 characters long chosen from uppercase, lowercase letters, numbers and special characters and, if possible, it must not contain names or common words that can be easily traced through one of the many dictionaries that criminal hackers use to carry out brute force attacks;
  2. furthermore, when creating your password you must avoid using repeated sequences or characters such as, for example: 12345678, 2222233333 or abcdefg;
  3. you should avoid using common sense words spelled backwards: even in this case, they would be easily identifiable with a common password dictionary;
  4. likewise, you should avoid using abbreviations of names or words common;
  5. also avoid passwords containing personal information or information relating to family members, such as name, birthday date or any nicknames or endearments that, perhaps, a criminal hacker could easily find in posts on social media network;
  6. Finally, avoid creating a password by replacing letters with symbols, such as: "a" with "@", "e" with "&" or “3”, “s” with “$”.
@RESERVED REPRODUCTIONCharactersPPaolo TarsitanoTopicsBbrute forceCcredential stuffingHHackerHHackingPpasswordPpassword sprayingChannelMalware and hacker attacksNews analysisMalware and hacker attacksMAXI THEFT OF CREDENTIALS

Over 3 billion e-mails and passwords sold on the Dark Web: details and tips to mitigate risks

11 Feb 2021by Alessia ValentiniShare postShare Shareview_listRelated postsNextOver 3 billion emails and passwords sold on the Dark Web: details and tips to mitigate risksLinkedInTwitterWhatsappFacebookMailLink