Hacker database discovered with millions of account credentials from Facebook, Twitter, Yahoo

Shawn Knight

Posts: 12,795   +124
Staff member
Researchers at cyber security firm Trustwave recently discovered a hacker database that contains more than 2 million stolen passwords associated with a variety of popular services including Facebook, Gmail, Twitter and Yahoo. These services and more have been resetting account...

Read more: https://www.techspot.com/news/54909-hacker-database-discovered-with-millions-of-account-credentials-from-facebook-twitter-yahoo.html
 
Guest

"Perhaps more disturbing than the theft itself is the fact that people are still using absurdly simple passwords to protect their online accounts."

What else is new?
 

insect

Posts: 349   +132
There was some article on passwords I read that said something like this (paraphrasing):
Corporations continue to make passwords more 'complex' by requesting numbers, special characters, combinations of upper and lower-case, non-dictionary words, etc. Computers are very good at running lots of combinations of anything... indefinitely. So passwords are getting easier and easier for computers to 'guess' and harder and harder for humans to remember. Humans write them down or choose the most simplistic of the requirements resulting in an even more insecure environment.

The best passwords are two words that are random, but easy to remember (i.e., if you have a picture of your kid/spouse/whatever at your desk, choose their shirt brand/type with your favorite feature - TommyHilger Eyes). Hard for humans and computers to guess because it's not worth the time for a bot to run the time required to find that (assuming the bot is programmed to even look for such things) but easy for you to remember.
 
davislane1

This is why all of my passwords are highly secure numeric anagrams. For instance: 12345 becomes 54321. No one's brute forcing that.
 

Guest

As computers become more powerful, 15-digit, characters-and-numbers-only passwords can be cracked in less than a week (brute force; less using Smart Brute Force). Yet I still run into financial companies that restrict passwords to numbers, or characters and numbers, between 8 and 10 characters in length. (Yes, I'm talking about you, Fidelity and PNC.)

We need to get to QR-encoded visual password systems or something similarly large and tough to manually copy and hard to crack using brute force. Of course, social engineering is the easiest way to crack a password.
 
Guest

It would help if the title either said "and others", or included Gmail. As it is now, I read the title quickly and thought "I don't use any of the 3 services listed so I have nothing to worry about" and almost skipped the article. I do use Gmail though...
 
Guest

"No one's brute forcing that."

I've seen plenty of brute force "password" database files (or just simple notepad files) that have a list of common passwords and their anagrams. It doesn't matter if it's words or numbers. The best thing to use is passphrases and then maybe some numbers. Like two or more word combos like one commenter mentioned above.
 
Guest

For remote connections to secure servers we only use keys. Maybe a secure USB key that your browser recognizes, with your encrypted passwords? If a user inserts the key into the computer, your browser or application recognizes your key and automatically allows you to log in to secure websites that key is authenticated for?
 

ikesmasher

Posts: 3,068   +1,389
"No one's brute forcing that."

I've seen plenty of brute force "password" database files (or just simple notepad files) that have a list of common passwords and their anagrams. It doesn't matter if it's words or numbers. The best thing to use is passphrases and then maybe some numbers. Like two or more word combos like one commenter mentioned above.
Sarcasm is a heck of a thing.
 

mattfrompa

Posts: 576   +73
As computers become more powerful, 15-digit, characters-and-numbers-only passwords can be cracked in less than a week (brute force; less using Smart Brute Force). Yet I still run into financial companies that restrict passwords to numbers, or characters and numbers, between 8 and 10 characters in length. (Yes, I'm talking about you, Fidelity and PNC.)

We need to get to QR-encoded visual password systems or something similarly large and tough to manually copy and hard to crack using brute force...
exactly https://www.grc.com/sqrl/sqrl.htm
 
Guest

This wouldn't make headlines if everyone had secured their accounts with multi-factor authentication.
 
Guest

Make it jail for life or death sentence and let's see how many hackers are left after that.
 
Guest

It doesn't really matter how secure your password is. Don't you know that Facebook and Google are already scanning your information and making it available to other businesses and government? They've basically already hacked your account and exploited you in ways we're only beginning to understand. Everyone should consider using privacy-based services such as Ravetree, DuckDuckGo, and HushMail.
 

cliffordcooley

Posts: 12,581   +5,960
"Perhaps more disturbing than the theft itself is the fact that people are still using absurdly simple passwords to protect their online accounts."

What else is new?
Which should imply there is nothing within the account worth hacking it for. I used a simple password (the same password for the last 15 years), but if the account was important enough, I would choose to use something more complex. I don't have anything to worry about, because I'm not a major target.
 
Guest

Facebook, Twitter & Yahoo are all free....

Who cares if someone can gain access to those accounts... they are throwaway and pointless.

Gmail is free too... who cares what a hacker can do, or read..? Google is already one up on these hackers, as their users have already given permission for Google to do what these hackers are trying to do. (Read & steal your info..)
 

tipstir

Posts: 2,854   +199
Most are using the easy route, but they don't realize what could happen with these script kiddies out there.

This is Password Length: 16
Password Example: w3lCR(?nS..vD94c
Safe level: High
 

tomkaten

Posts: 290   +239
From howsecureismypassword:

"It would take a desktop PC about 412 trillion years to crack your password". :)

Still, I don't get what password complexity has to do with a topic about a botnet with a keylogger. Yeah, we all know the average man's password still sucks, but that's irrelevant here IMO.
 
There was some article on passwords I read that said something like this (paraphrasing):
Corporations continue to make passwords more 'complex' by requesting numbers, special characters, combinations of upper and lower-case, non-dictionary words, etc. Computers are very good at running lots of combinations of anything... indefinitely. So passwords are getting easier and easier for computers to 'guess' and harder and harder for humans to remember. Humans write them down or choose the most simplistic of the requirements resulting in an even more insecure environment.

The best passwords are two words that are random, but easy to remember (i.e., if you have a picture of your kid/spouse/whatever at your desk, choose their shirt brand/type with your favorite feature - TommyHilger Eyes). Hard for humans and computers to guess because it's not worth the time for a bot to run the time required to find that (assuming the bot is programmed to even look for such things) but easy for you to remember.
That is very very wrong. If you are against some ignorant skid that doesn't know what a dictionary attack is and is trying to brute-force passwords, then your method works. However, any hacker worth their salt (get it, salt?) will crack a two-word or even four-word password in a matter of hours.

The most secure method of obtaining a pseudo-random password that is easy to remember, but hard to guess is an anagram of a sentence. So "My aunt Sally was born on Friday, December 22nd." becomes "MaSwboF,D22." Now you have an 11 character password that is incredibly hard to guess, very easy to remember, and almost impossible to crack. And it contains two special characters, two numbers, two upper case, and two lower case.
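To put numbers on the brute-force versus dictionary argument that runs through this thread (the two-word-passphrase advice quoted above and tomkaten's objection to it), here is an added example; it is not code from the article or from any commenter. It scores the passwords quoted in the thread under two attacker models: a character-level exhaustive search over whatever character classes appear in the password, and a dictionary search that treats a passphrase as N whole words drawn from a word list. The guess rate of 1e10 per second and the 50,000-word list size are constructed assumptions for illustration, not measurements.

```python
"""Password keyspace estimator (added example, not from the thread).

Two attacker models from the discussion above:
  * character-level brute force over the classes present in the password
  * a dictionary attack that treats a passphrase as N words from a word list
The guess rate and word-list size below are constructed assumptions.
"""
import math
import string

# Assumed offline guess rate against a fast, unsalted hash (constructed
# figure; adjust to the hash function and hardware in your own threat model).
GUESSES_PER_SECOND = 1e10

CHARSETS = [
    ("lower", set(string.ascii_lowercase)),
    ("upper", set(string.ascii_uppercase)),
    ("digit", set(string.digits)),
    ("symbol", set(string.punctuation)),
    ("space", {" "}),
]


def charset_size(password: str) -> int:
    """Alphabet size a brute-force attacker must cover, given the character
    classes that appear in the password (plus one per unclassified char)."""
    size = 0
    classified = set()
    for _, chars in CHARSETS:
        if any(c in chars for c in password):
            size += len(chars)
            classified.update(chars)
    size += len({c for c in password if c not in classified})
    return size


def brute_force_keyspace(password: str) -> int:
    """Number of candidates in a character-level exhaustive search."""
    return charset_size(password) ** len(password)


def brute_force_bits(password: str) -> float:
    """Same keyspace expressed as bits of entropy."""
    return math.log2(brute_force_keyspace(password))


def passphrase_bits(n_words: int, wordlist_size: int,
                    variants_per_word: int = 1) -> float:
    """Entropy of an N-word passphrase when the attacker guesses whole words
    from a list of `wordlist_size` entries, trying `variants_per_word`
    spellings of each (e.g. 2 for lowercase / Capitalised)."""
    return n_words * math.log2(wordlist_size * variants_per_word)


def seconds_to_crack(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time: on average half the keyspace is searched before a hit."""
    return (2.0 ** bits) / 2.0 / rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    if seconds < 1:
        return "under a second"
    for name, span in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60), ("seconds", 1)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return "under a second"


def estimate(password: str) -> dict:
    """Brute-force assessment of one password."""
    bits = brute_force_bits(password)
    return {"password": password, "alphabet": charset_size(password),
            "bits": round(bits, 1), "time": human_time(seconds_to_crack(bits))}


if __name__ == "__main__":
    # Passwords quoted in the thread, assessed under the brute-force model.
    for pw in ("54321", "MaSwboF,D22.", "w3lCR(?nS..vD94c", "TommyHilger Eyes"):
        print(estimate(pw))
    # The two-word passphrase as a dictionary attacker sees it: two words from
    # an assumed 50,000-word list, each tried lowercase and Capitalised.
    words = passphrase_bits(2, 50_000, 2)
    print("TommyHilger Eyes as 2 dictionary words:", round(words, 1), "bits,",
          human_time(seconds_to_crack(words)))
```

The character-level figure is an upper bound on what the attacker has to do; whoever models the password correctly (as a few words, a keyboard walk, a date) gets the much smaller keyspace, which is why the same 16-character passphrase scores around 92 bits under one model and about 33 under the other. Salting and a slow hash change the rate, not the bits.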
 
Guest

What's more disturbing is that you believe that a strong password can save your ***. All you have to do is learn someone's weak reset credentials and you have defeated their strongest passwords.
 
Guest

Wow. People still think passwords work. After so many have pointed out that they are pointless when someone has installed a keylogger on your computer. With that you are actually giving your password away. How about the dumb user with the secure password who falls for the "your account has been compromised, here is a link to change your password" email. You enter your password. How about this: I tell you on my website that what you entered is wrong, and you, thinking you forgot your password, keep trying to guess at it while giving me all the passwords you ever had. You keep trying, not even thinking that it is a fake web site. Hahaha.