On his Have I Been Pwned website, infosec researcher Troy Hunt has revealed that more than 700 million email addresses are available in some popular hacker forums, and many of these come with plain text passwords. Once again I point out that no elaborate hacking skills are required if the bad guys can just purchase your email address and password.
In reviewing the data, it appears that many of the email addresses and passwords are from 2008-2015. Hunt can’t speak to the validity of all the data but he did say, “my own personal data is in there and it’s accurate; right email address and a password I used many years ago.”
So what should you and your company employees do? The New Year is a great time to change your password and to make use of a password safe app such as the excellent and free KeePass application – available for download here.
Everyone stay safe out there!