World's largest hacked credential database leaked
Telstra is urging Australians to change their online passwords after a massive, searchable database of 1.4 billion stolen usernames and passwords was leaked to the public internet.
The trove of unencrypted passwords was compiled using data obtained from over 250 high-profile data breaches of private domains.
The 41 GB database, which was discovered by security researchers 4iQ, is the largest known collection compiled by cybercriminals.
According to 4iQ, 14% of the passwords included were previously unpublished in a decrypted form and 318 million user accounts had been previously unpublished.
In a blog post, Telstra security special projects specialist Darren Pauli warned that email accounts are the most at risk of compromise as a result of the leak, but criminals can and do test email addresses and passwords against a variety of popular websites in case victims have re-used their password.
He said an easy way to shore up defences against such breaches is to maintain unique and complex passwords via the use of a password manager tool.
“We also advise that you do not register for personal online accounts using your work email address. This is because criminals will likely attempt to use your work email address and exposed password to break into your work accounts,” he said.
None of the data breaches used to source the database of login credentials involved any domains associated with Telstra networks, assets or services, Pauli added.
Accelerating the adoption of passkeys without compromising user experience
We need authentication methods that remove the human element from the equation, and that's...
Modern CISOs must throw out the traditional cybersecurity playbook
The primary imperative for today's CISOs should be to align the security agenda with business...
AI agents: securing the 'artificial workforce'
Just as they would with new employees, security teams will need to define access policies for...
