In light of the recent 700 million email data leak on August 30 of this year, I have created CredCheck. I would like to throw out a personal thanks to Troy Hunt, owner and operator of HaveIBeenPwned. CredCheck is a Windows program that uses the HaveIBeenPwned API to check email addresses and give details on whose information has been leaked and how severe the leak was.
Troy managed to gain access to the details of the leak after a Paris-based hacker, who goes by Benkow, located the server (which is based in the Netherlands). Just by knowing the IP address of the server, Troy was able to easily browse its entire contents, which were obtained by Ursnif, a trojan that is specifically designed to steal login and payment details.
In 2011, an analysis of the Gawker password set found that 76 percent of people reused, or “recycled,” their passwords. The dangers of this are enormous, especially when leaks like the one that just occurred happen. When a leak occurs and you are one of those who reuse passwords, attackers or just random people online now have access to every account you own, barring two-factor authentication, which has also been shown not to be foolproof.
The easiest way around this is to use a password manager to keep up with unique passwords for every account you have. Password managers make it easy to secure all of your login credentials in one place, and most these days allow for random password generation and can easily change passwords for other sites.
LastPass is by far one of my favorite ones, but there are others out there. I fully encourage everyone to check to see if your creds have been leaked and immediately go and change them!