A Pakistani hacker who last week put up 600 million hacked accounts has added another hundred million records plus to the pie.
The first batch included 617 million records from 16 hacked sites —
- Dubsmash – 162 million accounts
- My FitnessPal – 151 million accounts
- MyHeritage – 92 million
- ShareThis – 41 million
- HauteLook – 28 million
- Animoto – 25 million
- EyeEm – 22 million
- 8Fit – 20 million
- WhitePages – 18 million
- Fotolog – 16 million
- 500px – 15 million
- Armor Games – 11 million
- Bookmate – 8 million
- CoffeeMeetsBagel – 6 million
- Artsy – 1 million
- DataCamp – 700 thousand
Several of these sites have admitted they were hacked; none has denied it.
The 600 million record package is selling for about $20,000.
The new batch of 127 million records includes
- Houzz – 57 million
- YouNow – 40 million
- Ixigo – 18 million
- Stronghold Kingdom – 5 million
- Roll20.net – 4 milion
- Ge.tt – 1.83 million
- Petflow and Bbulletin forum – 1.5 million
- Coinmama – 420 thousand
Only Houzz on this second has has confirmed they were hacked.
So what does this mean for you?
First of, if you are using the same password on multiple sites, you should stop that practice right away. It is just too dangerous.
Second, if you are not using two factor authentication, you just need to suck it up and get over it.
The days of passwords alone as a reasonable login authentication means are over and will likely never return.
And, obviously, if you have accounts, even little used accounts, on any of these sites, change your passwords there immediately. IF YOU USED THE PASSWORD ON ANY OF THESE SITES ELSEWHERE, YOU HAVE TO CHANGE THOSE PASSWORDS TOO.
And, if you are a web site operator and you are storing passwords, consider your security. If you have not had an expert try to hack your site recently (as in, say, the last 6 months), you probably need to do that.
The brand damage to these sites will be big.
Information for this post came from The Hacker News.