World's largest hacked credential database leaked
Telstra is urging Australians to change their online passwords after a massive, searchable database of 1.4 billion stolen usernames and passwords was leaked to the public internet.
The trove of unencrypted passwords was compiled using data obtained from over 250 high-profile data breaches of private domains.
The 41 GB database, which was discovered by security researchers 4iQ, is the largest known collection compiled by cybercriminals.
According to 4iQ, 14% of the passwords included were previously unpublished in a decrypted form and 318 million user accounts had been previously unpublished.
In a blog post, Telstra security special projects specialist Darren Pauli warned that email accounts are the most at risk of compromise as a result of the leak, but criminals can and do test email addresses and passwords against a variety of popular websites in case victims have re-used their password.
He said an easy way to shore up defences against such breaches is to maintain unique and complex passwords via the use of a password manager tool.
“We also advise that you do not register for personal online accounts using your work email address. This is because criminals will likely attempt to use your work email address and exposed password to break into your work accounts,” he said.
None of the data breaches used to source the database of login credentials involved any domains associated with Telstra networks, assets or services, Pauli added.
Defending against AI-powered cyberthreats
Improving cyber resilience is no longer about perimeter defence or reactive patching, but...
Lessons from the Land Rover cyber attack: seeing risk before it strikes
The recent Jaguar Land Rover cyber attack saga is a stark demonstration of what happens when...
Why AI agents are a new insider threat for business
AI-powered insiders are non-human actors operating within the perimeter, inheriting trusted...
