World's largest hacked credential database leaked
Telstra is urging Australians to change their online passwords after a massive, searchable database of 1.4 billion stolen usernames and passwords was leaked to the public internet.
The trove of unencrypted passwords was compiled using data obtained from over 250 high-profile data breaches of private domains.
The 41 GB database, which was discovered by security researchers 4iQ, is the largest known collection compiled by cybercriminals.
According to 4iQ, 14% of the passwords included were previously unpublished in a decrypted form and 318 million user accounts had been previously unpublished.
In a blog post, Telstra security special projects specialist Darren Pauli warned that email accounts are the most at risk of compromise as a result of the leak, but criminals can and do test email addresses and passwords against a variety of popular websites in case victims have re-used their password.
He said an easy way to shore up defences against such breaches is to maintain unique and complex passwords via the use of a password manager tool.
“We also advise that you do not register for personal online accounts using your work email address. This is because criminals will likely attempt to use your work email address and exposed password to break into your work accounts,” he said.
None of the data breaches used to source the database of login credentials involved any domains associated with Telstra networks, assets or services, Pauli added.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...