The 2019 calendar year had a rough beginning with several massive data breaches. Just this week, more than 600 million account details were stolen from 16 different websites:

  • Dubsmash
  • MyFitnessPal
  • MyHeritage
  • ShareThis
  • HauteLook
  • Animoto
  • EyeEm
  • 8fit
  • Whitepages
  • Fotolog
  • 500px
  • Armor Games
  • BookMate
  • CoffeeMeetsBagel
  • Artsy
  • DataCamp

The account details being sold on the dark web from these breaches include names, passwords, email addresses, and social media authentication tokens. Thankfully, there does not appear to be any payment or banking information among those details.

The stolen passwords were either hashed or one-way encrypted, requiring cracking before use. However, hackers can use a technique called “credential stuffing” to maximize their gain from these passwords. “Credential stuffing” involves an automated program which feeds the stolen data into websites, searching for any sites that accept the stolen passwords. For example, if someone uses the same password for all of their online accounts, once a hacker cracks the stolen password, they will have access to every account they locate using this automated program.

Of course, changing your passwords to make them stronger is important. Many websites and services also offer two-factor authentication, providing users with an extra layer of security. Closing old, unused accounts is also recommended by security experts.

This post was authored by Rachel Soltysiak, candidate juris doctor, Roger Williams University School of Law. Rachel is not yet admitted to practice law.