For almost a decade, Have I Been Pwned (HIBP) has been a great tool for check if our emails or passwords have been part of a breach of data. In the last week, you have added more than 220 million pieces of information, from recent security problems.
Just a few days ago we informed you of the Redline Stealer malware, capable of steal the passwords that we have stored in our browser. The most dangerous of all this is the ease of getting this malware (which costs about $ 150 on the Dark Web) and introducing it to the victim’s computer.
Half a million Redline passwords
According to what we know so far, the tool has already been obtained by multiple unknown individuals, and those access details obtained through this malware have also been sold on the Dark Web.
The news was widely read because many of us use password managers in our browsers, so the information of many of us may be compromised in the hands of who knows who.
Now Have I Been Pwned allows you to check if your email and password are one of the 441,000 accounts stolen by the RedLine malware. Who discovered this enormous vulnerability He explained that although an estimated 6 million records have been stolen, many used the same email address, which was used for different services.
New breach: Logs from the RedLine Stealer malware were left publicly exposed and contained usernames, email addresses and plain text passwords. 26% were already in @haveibeenpwned. Read more: https://t.co/H5YYq6angc
– Have I Been Pwned (@haveibeenpwned) December 30, 2021
Last year, its creator and manager, security researcher Troy Hunt, decided to make it an open source project and make it more collaborative. In fact, the nearly half a million accounts now in the hands of Have I Been Pwned were shared by Bob diachenko, who discovered this theft.
The information of this malware is not the only information that the web has included. The UK’s National Crime Agency (NCA) has also been known to come up with a great deal of new data. The agency you believe the password set was collected from various data breaches, but around 225 million of them were previously unknown to Have I Been Pwned and may have come from previously unknown hacks.
This is the second time UK authorities share this with the web. It should be remembered that the FBI established a permanent relationship with this tool in May 2021.
In addition, on the official website itself they indicate that in addition to the Redline information, they have data taken from other large recent breaches: 50,000 of Protemps accounts, over 113 million Gravatar accounts (due to a bug reported in October 2020) or close to 4 million IDC Games accounts.
How to know if your email or phone has suffered data theft
The tool is very easy to use. You only have to access the Have I Been Pwned website and you will see a large box to enter your phone (international, that is, with country code) and your email:
When you put it in, the system will tell you if there are any existing gaps that have affected your information. If when you write an email the screen below the search engine turns green, it means that your email has not appeared in any of the massive leaks that the web has collected, and that therefore you are not immediately exposed to having your account stolen.
But if what appears is the color red you will be in trouble because your password has been leaked. Then, the page will tell you how many massive leaks your email appears in, and just below you will see a list with all the pages in which your registration data has been exposed. It looks like this, as our colleagues from Xataka Basics have shared:
To solve this problem for your security, go down on the same page and find out which accounts of yours, with that email, have been compromised. When you know it, you will have to go to each site on the list and change the password.