Nearly 100 million credentials (including emails and passwords) from portals like Coinbase, Facebook, Ebay, Roblox and many others, have been stolen and published by a hacker. This has been confirmed Troy Hunt, a renowned cybersecurity expert and creator of the platform Have I Been Pwned. The passwords, in particular, are part of a database of more than 100 GB called Naz.API. This file is already circulating on different portals frequented by cybercriminals.
Hunt claims that this database has been published for almost four months, and that it contains a total of 319 files occupying 104 GB. After carrying out several checks, the expert realized that these files included a total of 70,840,771 emails and passwords. Fortunately, for some, many of the credentials that appear in the leak are old passwords, something that makes access considerably more difficult for hackers.
The cybersecurity expert also states that 65.03% of the addresses that have appeared in this massive leak of credentials were already listed in Have I Been Pwned, a portal where users can check, through their email, if they have appeared in a data breach like this. On the other hand, he assures that “there are cases of duplicate rows.” However, he warns that there is also “a massive prevalence of people using the same password on multiple different services and completely different people using the same password.”
This is how you can know if your password has appeared in the leak
In any case, you can check if your password has appeared in the aforementioned leak through Pwned Passwordswhich is very similar to Have I Been Pwned —in fact, it is the same platform— and allows us to know if the credentials are in the hands of attackers.
To do this, you only need to access to this website and enter password in search box. Immediately, the platform tells you if your password has appeared in a leak or, on the other hand, has not been leaked.
In the first case, the most advisable thing is change the password on all accounts. In addition, most platforms and services allow you to activate two-step verification. This is an additional security method to prevent hackers from accessing your account, even if they have your password.