Almost 10 Billion Bocor Passwords, Here Are Tips For Risk Mitigation Of Password Leaks
JAKARTA - A study from Cybernews entitled RockYou2024 revealed that nearly 10 billion unique passwords have been leaked in widely known cyber forums.
The database comes from rockyou2024.txt, a wordlist containing a collection of commonly used passwords. This compilation even surpassed the previous record holder RockYou2021 by adding 1.5 billion new passwords.
In response, Kaspersky experts have issued practical guidelines to help users protect themselves after extensive data infiltration:
Check the impact of violations
When a data breach occurs, the first thing to suggest is to check whether our data as users are affected. Modern security solutions allow leaked data detection and provide warnings to increase security measures if necessary
Change passwords as soon as possible
In the event of a data breach, it is important to immediately change your password and consider all other sites that use the same password.
Block and re-issue your debit/credit card, if necessary
If payment data is stored by services that have data breaches, it is best to block and reissue the card for additional security.
Install password manager
A tool like this creates a strong password and securely stores it in an encrypted safe. In addition, it is enabled to monitor data leakage and check whether the user's password has been compromised.
Implement two-factor authentication (2FA)
To protect accounts from unauthorized access, it is highly recommended to prepare 2FA.
This can be done by receiving confirmation via SMS, email, or using an authentication application or password manager that produces one code.
SEE ALSO:
Close unused accounts
If there are long-standing services that are not used, shortly after the data leak, it is recommended to delete the account and request complete deletion of data through technical support or addresses in Privacy Policy.
Share important personal information at the minimum
When you register, there is no need to use the main email address: automatic substitution can be used. In addition, if not required, remove the real name and residential address.