3.27 Billion Reasons to Change Your Password

March 18, 2021

The largest-ever compilation of stolen passwords and emails was recently posted online on a hacking forum that anyone could access. The lists contain a staggering 3.27 billion entries! The enormous database appears to be a compilation of leaked login credentials and other information from previous data leaks. The passwords and emails are from leaks not only in the UK but from all over the world. The hackers have managed to compile information stolen from different data breaches over the years and put it in a single accessible place.


Over the years, there have been billions of leaked login credentials that hackers are utilising to this day. This is why reusing your password, or using a very similar one that could easily be guessed, is never a good idea. It takes months for companies to announce that they have been hacked, giving hackers plenty of time to utilise any stolen information. You may be wondering why companies are sometimes slow to report data breaches. To answer this question, we have to go back to how such breaches are usually discovered.


The breaches are usually intercepted by in-house cyber security experts or cyber security researchers, like us at JC Cyber Security, who love to poke around the internet looking for possible vulnerabilities. When such vulnerabilities are found, cyber experts inform the affected business. Then the company takes its time to patch it. Once the exposure is fixed, and their marketing and legal teams have allowed them to announce the breach, the hacked company informs its users about the already resolved vulnerability that might have exposed personal information. The whole process can take months and even years. You may start wondering why cyber security researchers don’t tell the world immediately.


They indeed could immediately sound the alarm, but they rarely do it because this would be unethical. Instead of helping the company, they may attract even more criminals who want to exploit the vulnerability. So, long story short, consumers might need months and sometimes even years to be informed about a data breach by the hacked business. With this in mind, regular users never really know if their information has not already been stolen. However, there are websites where you can check if your data has been compromised.


The solution is proper password hygiene. Keep changing your passwords at least once every three months, and remember never to reuse passwords. Avoid using patterns between old and new passwords too. If you are struggling to remember all the passwords, use a password manager. By relying on a password manager, you will not have to remember tens and sometimes hundreds of passwords, but just one master password that would give you access to all of the others when you need them. Reliable software protection packages can recognise and remember all the data required to log you into your favorite services.


The fact that hackers are creating such compilations of different data breaches means that internet users continue to ignore basic password hygiene practices and continue not to change passwords often enough. It also means that users systematically reuse old passwords. With easily accessible compilations such as this one, cyber criminals are only a search away from getting access to your potentially active login credentials. Be smart and change your passwords often; you have 3.27 billion reasons why you should not ignore this advice.
