The password apocalypse looms

Consumer-facing web services providers like email, social media or cloud storage companies are wrestling with the impact of huge troves of hacked passwords available on the dark web.

The Wall Street Journal reported Monday on the implications of crime-facilitating databases like LeakedSource — where, for a $2 subscription, would-be cybercrooks can access more than 2 billion previously compromised passwords and the login names or email addresses with which they are associated.

Because most consumers — against expert advice — reuse passwords across accounts, a major hack like the 2012 compromise of LinkedIn can have reverberations across the whole Internet, the WSJ explained.

Although LinkedIn forced its users to reset their passwords, ‘[i]nvestigators estimate that maybe up to 8 percent of the LinkedIn usernames and passwords will work on other services, giving hackers a way to take over accounts elsewhere,’ the paper reports.

When a major breach occurs, services can choose to force a reset on their customers, too. The WSJ reports that online backup provider Carbonite did so when the LinkedIn password trove was found on the dark web.

Other companies chose to analyze the trove, searching for any passwords reused by their own customers, and then advising or requiring only those affected to reset.
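The targeted approach described above can be sketched as follows. This is an added example, not code from the WSJ report or from any company named in it; the record layout, the PBKDF2 parameters and all function names are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a stored credential record the way a signup handler might."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt)}


def find_reused(users: list, leaked_pairs: list) -> list:
    """Return logins whose current password equals the one leaked for that login."""
    by_email = {u["email"]: u for u in users}
    affected = set()
    for email, leaked_password in leaked_pairs:
        user = by_email.get(email.strip().lower())
        if user is None:
            continue  # leaked login is not one of our customers
        # Re-hash the leaked password with this user's own salt, then compare
        # in constant time against the stored hash.
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            affected.add(user["email"])
    return sorted(affected)


# Constructed sample data: three customers and four leaked login/password pairs.
USERS = [
    make_user("alice@example.com", "Summer2012!"),
    make_user("bob@example.com", "correct horse battery staple"),
    make_user("carol@example.com", "hunter2"),
]
LEAKED = [
    ("Alice@Example.com", "Summer2012!"),  # same login, same password: reused
    ("bob@example.com", "linkedin123"),    # same login, different password
    ("carol@example.com", "hunter2"),      # reused
    ("dave@example.net", "hunter2"),       # not a customer
]

if __name__ == "__main__":
    for email in find_reused(USERS, LEAKED):
        print("require reset:", email)
```

Only the password leaked for a given login is tested against that login's stored hash, so the service never needs its customers' plaintext passwords and only the matching accounts are asked to reset.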

Written by Shaun Waterman