Over the holidays, all internet users have been warned about dangerous “credential stuffing” hacks.
Billions of unencrypted Gmail and Outlook usernames and passwords have been dumped and logged through HaveIBeenPwned.
Huge file dumps containing passwords are uploaded to the internet when websites leak or are hacked.
Hackers then try these passwords on your other accounts – or on the accounts of other users. They hope you’ve reused your passwords or chosen simple and widely used logins.
This allows them to easily access your online accounts without directly compromising your system.
With two billion credential stuffing attacks having occurred in the last year, if hackers obtain access to your Gmail or Outlook using this method, they may be able to break into even more accounts.
Hackers can steal and use your personal information, resell it, deplete your bank accounts, and disrupt your online life.
How to protect and mitigate risks in the case of an email password compromise:
1. Check your email settings
Attackers can set your email account to automatically forward your messages to the attacker and send malware or phishing spam. Examine your settings for anything unusual.
You should also send an email to your contacts or post on social media that your email has been compromised to warn them not to open any attachments sent by you. This can keep viruses from infecting your contacts.
2. Ensure that your antivirus software and operating system are up to date
Software is updated on a regular basis to prevent hackers from exploiting faults and holes. Updates not only improve software, but they also make it more secure. If you haven’t already, automatic updates can save you a lot of work.
3. Run a virus scan on your device.
Changing your passwords isn’t enough if your device is infected with malware. The attacker could gain access to your new passwords by using a keylogger, for example.
Scan your device for viruses before changing any passwords. Even if everything appears to be in order, you should perform this on a frequent basis because malware can be difficult to detect. Some viruses can even disable your antivirus programme if it isn’t powerful enough to stop it.
4. Change your passwords now.
This is one of the most crucial tasks to do. It’s a promising idea to update your passwords on a regular basis. If you believe or know that your email address has been compromised, you must change it at once. Yes, having many passwords can be tedious, but we’re talking about your personal security here. Can you ever be too safe?
Don’t be alarmed if your compromised account’s password has been changed. You may still be able to access your account via the “forgot your password” function if you have put security measures in place.