Last week it was announced that the passwords of 1.4 million cryptocurrency wallets from GateHub were leaked on the dark web. This means that all coins in these wallets are potentially in danger. Unless you change your password.
And that is precisely where the National Check Your Passwords Day has been created. Ok, not necessarily for lost cryptocurrency, but to use passwords more securely.
November the month of the passwords leaked?
The leaked passwords and accounts of GateHub are part of a large data dump on the dark web. Security expert Troy Hunt from the Have I Been Pwned website analyzed the mountain of data and also found 800,000 hacked accounts of EpicBot.
Incidentally, they are not only passwords, but also two-factor authentication keys and hashes. GateHub denies that hashes have been leaked. The EpicBot database probably contained usernames and IP addresses. Hunt said he has taken a representative sample to verify the authenticity of the data.
Page 1 from Google
The examples above are not the only ones. A selection from last month’s news:
- On November 1, data from 290,000 accounts from Hookers.nl, a forum where mostly women of pleasure are discussed, was stolen. It concerned usernames, e-mail addresses, IP addresses and passwords.
- On November 18 it was announced that the details of 452,634 players of Magic: The Gathering were on the street. This is due to a data breach. A database with a backup file was not password protected. This allowed everyone to access the data. Think of names and user names of players, e-mail addresses and passwords.
- It was announced on November 21 that Disney + passwords are already being offered for sale. The reason? Many used far too simple passwords or passwords that they used before.
So what can we learn from this?
Tips to improve your online safety
- This may seem logical, especially for people who have cryptocurrency, but rule 1 is to never reuse your passwords. Because suppose you use one password for all your accounts, then the data from 1 account will be on the street and all your accounts with all different services are at risk. This is especially true if you use the same e-mail address to log in for different services. If that is the case, check haveibeenpwned.com to see if accounts with your email address have ever been hacked.
Bitmex was confronted with a data breach on 1 November. Customer email addresses were leaked and if you had used the same email address and password for this as your Linkedin, then your cryptos are not secure.
- The second rule is not to use simple passwords. If your password is “12345”, “password” or “qwerty”, shut down your computer or telephone. Throw it in the water, count to 100 and reflect on all your sins. It is better to use randomly generated passwords that do not contain recognizable words. It is also not advisable to use birth data, addresses or anything else that is easy to guess.
- The third rule, and the reason why this day was created, is to periodically change your passwords. That sounds like a big task, but it doesn’t have to be difficult at all.
The passwordbewust.nl website recommends using a password manager. Consider, for example, LastPass. With this you generate a different, random password for each account. And you can also adjust this periodically.
We too cannot say this often enough; bitcoin and cryptos are fun but also carry a certain responsibility. You are responsible for security and for your passwords. Handle this well.