top of page
Search

Largest collection of passwords ever has been leaked online!


8.4bn passwords have been posted on a hacker forum and made available to anyone that wants them.

The largest password collection of all time has been leaked on a popular hacker forum after a user posted a 100GB text file containing 8.4bn passwords that were likely combined from previous data leaks and breaches.

According to the author of the post, all of the passwords included in the leak are between 6-20 characters long and all non-ASCII characters and white spaces were removed.


And there's More.....


LinkedIn data breach 2021


Date: June 2021

Impact: 700 million users

Data associated with 700 million LinkedIn users was posted for sale in a Dark Web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.

The data was dumped in two waves, initially exposing 500 million users, and then a second dump where the hacker "God User" boasted that they were selling a database of 700 million LinkedIn.


Preview of leaked data - Source: 9to5mac.com

The hackers published a sample containing 1 million records to confirm the legitimacy of the breach. The data included the following:

  • Email addresses

  • Full names

  • Phone numbers

  • Geolocation records

  • LinkedIn username and profile URLs

  • Personal and professional experience

  • Genders

  • Other social media accounts and details

The hacker scraped the data by exploiting LinkedIn's API.


Facebook data breach 2019


Date: April 2019

Impact: 533 million users

In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 533 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data. Read more about this Facebook data breach here.

This database was leaked on the dark web for free in April 2021, adding a new wave of criminal exposure to the data originally exfiltrated in 2019. This makes Facebook one of the recently hacked companies 2021, and therefore, one of the largest companies to be hacked in 2021.

All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. And still there's more...


Check If Your Email Has Been Compromised (Pwned)

You can check if your email address has been 'pwned' here: https://haveibeenpwned.com/

I can guarantee a large number of you that are reading this will have been pwned!


What Can I Do?

1. Don’t use the same password for multiple accounts

This ensures that if a company has a data breach and your password is compromised, you only have to worry about one account. If you reuse passwords and there’s a data breach, you need to take action on all of those accounts. The additional risk is not worth the convenience of reusing the same password.


2. Don’t use personal info in your password

Never use your personal information as part of your password (your pets’ or family members’ names or dates of birth), as this type of information can be easily obtained. The goal should be making your password impossible to guess and “Fido2021” isn’t difficult to figure out.


And Most Importantly You MUST Protect Your Data

As well as protecting your privacy with a Guardian Router encrypting your files is one of the most important things you can do.

  • The easiest and simplest way to protect your data is to encrypt it. This way, and if encrypted properly, if you are hacked or have your cloud account hacked your data is safe. There are are many data encryption programs available, some of which are free but beware as they are not all as safe and secure as they seem. We have tested many of these and without a doubt Axcrypt is the number one.


AxCrypt in short

AxCrypt offers strong encryption with 256-bit encryption to secure your data in the three stages of data; data at rest, at transit and in use. Moreover, AxCrypt also provides its users a password management generator that ensures your passwords are as secure as possible. It also provides a collaboration tool that allows users to share secured files and data with other AxCrypt users. In addition to this AxCrypt helps in secure sharing of files with key sharing and master key features.


Axcrypt comes with a 30 day money back guarantee, works across platforms, has Mobile apps for Android and IOS and is loaded with fantastic features not seen in other programs.


Axcrypt Features

  • Lightweight Small download.

  • Integrated password generator and manager Easily generate and mange all your passwords

  • Easy installation and use Simple user interface, with Windows Explorer integration.

  • Fast download and upload Intelligent optional compression.

  • Convenient to use Passwords are remembered in a session.

  • Windows compatible Windows Vista/2008/7/8/10 32- and 64-bit compatible.

  • MacOS compatible OS X 10.8 Mountain Lion or later.

  • Mobile App Android 4.0.3 or later, iOS 8.0 or later.

  • Standards based cryptography Only uses well-researched cryptographic algorithms and modes of operation.

  • Data integrity verification Secured files cannot be modified without detection.

  • Automatic file updating Automatic update of the secured file after open and save.

  • Local device security Shredding of all temporary and encrypted plaintext files.

  • Large file support Support for files larger than 4GB.

  • Metadata retention Retains original file name and information of a secured file.

  • Brute force resistant Dynamic brute force counter measure - iterative password wrapping making attacks even harder.




AxCrypt offers its customers the best solution to safely encrypt files, as long as the customers have control of their own passwords. Even though encryption is complicated, AxCrypt is constantly working on making encryption more user-friendly. Moreover, AxCrypt ensures the strongest file security with 256-bit encryption, safeguarding confidentiality and integrity.


In order to achieve good security, it’s beneficial to understand a little bit about how to best use AxCrypt with passwords and local PC security. There are also some details on the algorithms and methods used in AxCrypt below.

Why is AxCrypt secure?

AxCrypt is secure because it endeavours to only use accepted practices and algorithms and does not attempt to invent any new encryption algorithms or methods. It’s also open source; Anyone may inspect the source code, check it for errors, omissions or back doors. It has been used and inspected for vulnerabilities for over 15 years and tried by more than 30 million users, without any known weaknesses.

How secure is AxCrypt?

This question breaks down to effective encryption key lengths. The key length used is 128 or 256 bits – exhaustive search is not currently believed to be an option in either case and it is computationally infeasible in cryptographic terms. The problem lies with the passwords used – this is the weak point. You can read more about what to consider when choosing a password below.

Password considerations

AxCrypt uses AES-128 or AES-256 in the Premium version – but if you want to achieve that level of security you must give it 128 or 256 bits of truly ‘random’ data. This is very hard to do, but the easiest way to even approach this is to use the password generator included in Premium.

To actually get 128 or 256 bits, you’ll in practice have to save this password in a text file, and then keep that text file very secret. Using typical English language in a password, 128 bits is approximately equivalent to 10 ‘random’ words, and 256 bits thus twice this. Do not use meaningful sentences and absolutely not famous or even obscure quotations! By introducing variations on the case, as well as non-alphabetic characters you can reduce the number of words necessary. It’s not recommended to use less than 5 words. If you use a completely random selection of upper and lower-case letters and digits, you need 22 characters to achieve 128 bits security, and thus 44 characters for 256 bits. (The above is a slight simplification of the issue, but it should serve.) The shredding, or wiping, feature of AxCrypt allows you to erase files in a way that makes it impossible to recover the contents with undeletion software. However, there are some caveats:

  • The name of the file, as well as the size, may be recovered.

  • If the file has been viewed or edited with an application that creates temporary copies of the content (such as Microsoft Office), those temporary copies may still be available for undeletion on your hard disk.


Encryption Algorithms

The cryptological primitives are AES-128 or AES-256 for bulk encryption, PBKDF2 with HMAC-512 for key derivation, 4096-bit RSA for the account key, and HMAC-512 for integrity checking.

The algorithms used are deemed secure as such by the US Government and the Internet community.

Key wrapping of the password is done using the NIST specification for AES Key Wrap. The key derived from the password with PBKDF2-SHA512 is only used as a key encrypting key.

As a brute force counter measure, key wrapping is done with at least 5 000 iterations, increasing the work effort with approximately 12 bits. The actual iteration count is determined dynamically, a typical value is 25 000 to 100 000, adding 14-17 bits of effective key-length. The faster machine you install AxCrypt on – the better the security!

AxCrypt uses the Advanced Encryption Standard with 128-bit or 256-bit keys in Counter mode with a ‘random’ IV for the data encryption.

For integrity verification AxCrypt uses HMAC-SHA512, i.e., Hash Message Authentication Code using SHA-512 with 512-bit output.

The pseudo random number generator (PRNG) used is primarily the operating system provided one, in some cases with added entropy added.


How do I get my AxCrypt free trial and Discount?

You can sign up and try Axcrypt FREE for 30 days on our link here: Guardian Axcrypt Promotion


Not only will you get the 30 Day trial but if you decide you like it and sign up for the premium / business version you will save up to 20%


With data breaches becoming a daily occurrence with the largest, most popular companies hitting the headlines, and If you are serious about protecting your data and your identity give Axcrypt a try - you have nothing to lose!


208 views0 comments

Comments