ALL internet users have been warned over dangerous “credential stuffing” hacks over Christmas.
Cyber-experts have warned of a holiday rise in the attacks – which use leaked passwords to break into your accounts.
When websites leak or are hacked, huge file dumps containing passwords are uploaded online.
Hackers then try these passwords on your other accounts – or other users.
They hope that you’ve re-used your passwords, or have chosen simple and commonly adopted logins.
This gives hackers easy access to your online accounts without having to directly compromise your system.
If hackers can gain access to your Gmail or Outlook with this technique, they could then break into even more accounts.
Cyber-experts at Arkose Labs have warned that there were over 2billion “credential stuffing” attacks during the last year.
Most read in News Tech
And they said that the scale of attacks grew exponentially in recent months – and could peak over Christmas.
Hackers can steal and use your private info, resell it, drain your bank accounts and wreak havoc across your online life.
And there’s an increasing pool of leaked passwords to choose from.
Just days ago, we revealed how a whopping 5.5billion passwords had been hacked – and then logged through HaveIBeenPwned.
The news came after site creator and Microsoft exec Troy Hunt revealed that 225million breached logins had been added to the site.
How to stay safe this Christmas
You can use HaveIBeenPwned to check your own email to see if you’ve been caught up in any leaks.
But remember: even if your email hasn’t been breached, you may be using a simple password that has leaked from someone else.
This could also get you hacked.
And you should consider using a password manager – like Apple’s iCloud Keychain or Google Chrome – to generate strong passwords and be warned of re-used logins.
There’s obviously a huge risk for anyone whose username and passwords from different sites have been hacked.
It’s important to immediately change your log-in details to stay safe.
But even passwords uploaded online without associated usernames can put you at risk.
If you use a very simple password, it’s likely someone else does too – and they may have been hacked themselves.
Hackers buy huge lists of these compromised passwords from lots of different sites because people often re-use them.
So hackers are much more likely to gain access to an account by forcing a long list of “known” hacked passwords than trying random letters or numbers.
- Read all the latest Phones & Gadgets news
- Keep up-to-date on Apple stories
- Get the latest on Facebook, WhatsApp and Instagram
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
- How to get your deleted Instagram photos back
- How to track someone on Google Maps
- How can I increase my Snapchat score?
- How can I change my Facebook password?
- How can I do a duet on TikTok?
- Here’s how to see if your Gmail has been hacked
- How can I change my Amazon Alexa voice in seconds?
- What is dating app Bumble?
- How can I test my broadband internet speed?
- Here’s how to find your Sky TV remote in SECONDS
In other news, Google Chrome users have been urged to delete their browser.
Facebook recently rebranded to Meta.
Check out the best iPhone 13 deals in October 2021.
And take a look at your hidden Facebook rejection folder.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at email@example.com