More than 560 million emails and passwords collected from different sources. That kind of stuff has been floating around the web for a couple of years already, until recently, when it started to appear online.
Find out if your password has been stolen
If you want to know that your password exists somewhere? Try “Have I Been Pwned” service, which checks to see if your email or username appears in any database that’s been compromised.
As imperfect humans, we usually reuse passwords. Most people online are just out there with the same password or three across all their things. We understand that because we’ve all done it and hackers know that too!. As such, they’re going to try and break into as many other accounts as they can using the credentials from a data breach.
An example is Account Hitman tool that has been used by hackers to automate injection of breached username/password pairs to gain access to user accounts. The tool has been developed to do the following shortly:
1- Capture the HTTP request during login
2- Identify the response that indicates a successful login
3- Provide a payload of credentials (username and password)
4- Start the brute force attack on a target site.
Improve your passwords
The best thing to do online is to not to use the same password you use for every single log-in. The best way to do that is with a password manager, which can create and manage unique and strong passwords for all your sites and services.