An unprotected cloud server is said to have led the security researchers belonging to UK’s National Cyber Security Centre (NCSC) to a data trove of a quarter billion passwords. And the cyber arm of GCHQ says that most of the leaked credentials could have been used by cyber criminals by now.
In order to access the seriousness of the situation with the compromised passwords, a team from NCSC contacted Troy Hunt, who runs a website known as Have I been Pwned (HIBP). The aim was to see whether any of the quarter billion password were compromised and the online account services linked to those passwords were been misused.
It turned out that over 223 million passwords from the found data trove were new to the online world and 613 million passwords were already used by many and some using them have already become a victim of a cyber attack.
Leaked credentials were actually a mixed bag, as some individual or company could have stored a mixture of segregated passwords on the cloud server- either for a research or some malevolent purposes.
“A compromised password acts as a treasure to a hacker as it can be used in a password spraying attack on the use of AI technology,” said Troy.
And such data troves could act as monetary catalysts to the activities of cyber criminals as they can sell such data on the dark web for a fancy price, added Hunt.
Turning a multi-factor authentication or at least a 2FA for online accounts, using an alphanumeric password tucked with 2-3 keys of special characters, changing the passwords on a frequent not might put an end to all password related cyber attacks persistently.
