CyberManipal.

Tech news from MIST

Half-Billion Compromised Credentials Lurking on Open Cloud Server

Breaches
@SomyaBansal

Somya Bansal

December 21, 2021

Around 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by, according to the National Crime Agency's (NCA) National Cyber Crime Unit in the U.K. Because the credentials could not be linked to a specific company, the NCA tapped Troy Hunt, creator of the Have I Been Pwned (HIBP) website and a Microsoft regional director, to check the passwords against the HIBP database of compromised passwords. It turned out 226 million of them were new to HIBP. The passwords have been added to HIBP.

The NCA said in a statement that these credentials were an accumulation of breached datasets, known and unknown. The fact that they had been placed on a U.K. business's cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other third parties to commit further fraud or cyber-offenses.

Baber Amin, COO at Veridium, stated that the impact of a compromised password goes well beyond the initial compromise: it facilitates password spraying, and with the help of AI-based analytical tools, bad actors can start to identify patterns in how a person creates passwords.

Ron Bradley, vice president at Shared Assessments, suggested that users follow best practices, which include buying and using a versatile password manager, turning on multifactor authentication everywhere possible, applying long and complex bank passwords, not being afraid of the password reset function, keeping work passwords far apart from personal ones and, lastly, if pwned, protecting yourself accordingly. Bradley concluded that the Internet is becoming more hostile and difficult to navigate on a daily basis.

Abridged from Threatpost
