Over the years there have been more and more cases of attackers compromising organisations of every kind and harvesting their users' account details. These details usually include at least a name, an email address and a password, but have also been known to include postal addresses, debit or credit card details and PayPal account information, among much more.
These compromised accounts are often sold on the dark web or, as has become more prevalent of late, simply released publicly.
For an attacker, the value of a stolen account goes far beyond logging in to the site it was taken from.
Generally, people online are not in the habit of following best practice when it comes to password management.
What do I mean by best practice?
Most people do not use strong passwords in the first place, rarely change them, and reuse the same password from account to account. So if an attacker gains access to one account, they can try the same credentials against the user's other accounts and hijack them at will.
Gaining website admin access from the leaks
Attackers are taking a direct approach to finding websites on which the leaked username / password combinations will grant admin access. A leaked record gives an email address and a password; the attacker takes the domain part of the email address, checks that domain's DNS records to see whether it hosts a website, and then tries the same email and password against that site's admin login.
This is credential stuffing rather than blind brute force: on average only about four attempts are made per account, which stays well below the lockout thresholds that catch a conventional brute-force attack, and because the passwords are ones the victim actually used, the chance of success is far higher.
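The consequence for defenders is that a per-account lockout counter never fires: each account sees one or two failures and then either a success or silence. The detection below, an added example that is not from the original article, groups login events by source address instead, so that one client trying a few leaked pairs against many different accounts stands out next to a classic single-account brute force. The log format and the sample lines are constructed for this example; adapt the regular expression to whatever your web server or application actually writes.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical, chosen for this example):
#   <timestamp> <client_ip> <OK|FAIL> user=<login name>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<outcome>OK|FAIL) user=(?P<user>\S+)$"
)

# Constructed sample login log, not real traffic. Three clients:
#   203.0.113.7   tries five leaked email/password pairs, 1-2 attempts each
#                 (credential stuffing), and one of them works;
#   198.51.100.22 hammers a single "admin" account (classic brute force);
#   192.0.2.5     is a legitimate user who mistypes once.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 203.0.113.7 FAIL user=alice@example.org
2024-01-10T09:00:02Z 203.0.113.7 FAIL user=alice@example.org
2024-01-10T09:00:04Z 203.0.113.7 FAIL user=bob@example.org
2024-01-10T09:00:05Z 203.0.113.7 FAIL user=carol@example.org
2024-01-10T09:00:07Z 203.0.113.7 FAIL user=dave@example.org
2024-01-10T09:00:08Z 203.0.113.7 FAIL user=dave@example.org
2024-01-10T09:00:09Z 203.0.113.7 OK user=erin@example.org
2024-01-10T09:00:10Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:11Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:12Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:13Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:14Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:15Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:16Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:17Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:18Z 198.51.100.22 FAIL user=admin
2024-01-10T09:00:19Z 198.51.100.22 FAIL user=admin
2024-01-10T09:01:00Z 192.0.2.5 FAIL user=frank@example.org
2024-01-10T09:01:30Z 192.0.2.5 OK user=frank@example.org
"""


def parse_log(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyse(events, stuffing_min_users=4, stuffing_max_per_user=4,
            bruteforce_min_failures=10):
    """Flag two patterns per source IP.

    brute_force:         many failures against ONE account (what lockout
                         rules already catch).
    credential_stuffing: many DIFFERENT accounts, each tried only a few
                         times, so no single account reaches the lockout
                         threshold.
    """
    per_ip = defaultdict(lambda: defaultdict(lambda: {"fail": 0, "ok": 0}))
    for e in events:
        per_ip[e["ip"]][e["user"]]["ok" if e["outcome"] == "OK" else "fail"] += 1

    findings = defaultdict(list)
    for ip, users in per_ip.items():
        for user, c in users.items():
            if c["fail"] >= bruteforce_min_failures:
                findings[ip].append({"type": "brute_force", "user": user,
                                     "failures": c["fail"]})
        attempts_per_user = [c["fail"] + c["ok"] for c in users.values()]
        if (len(users) >= stuffing_min_users
                and max(attempts_per_user) <= stuffing_max_per_user):
            findings[ip].append({
                "type": "credential_stuffing",
                "distinct_users": len(users),
                # A success after a handful of tries means a leaked pair was
                # valid on this site: that account needs a password reset.
                "compromised": sorted(u for u, c in users.items() if c["ok"]),
            })
    return dict(findings)


if __name__ == "__main__":
    for ip, hits in analyse(parse_log(SAMPLE_LOG)).items():
        for hit in hits:
            print(ip, hit)
```

The thresholds are deliberately parameters: attackers who spread attempts across many source addresses will stay under any single-IP count, so in practice the same grouping is worth running per network range and per time window as well, and the "compromised" list is the actionable output, since those are accounts whose leaked password demonstrably worked.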
Where are the leaks coming from?
There have been numerous leaks over the years, and historical leak data has since been combined into a single downloadable database of 1.4 billion records. If you want to check whether you have been caught up in a breach, visit https://haveibeenpwned.com/ where you can look up your email address and see which breaches it appears in.
Ensuring your website is not at risk
1 – Ensure that you have strong and unique passwords on all user accounts and that they are not shared with anyone.
2 – Delete any unused accounts, including admin accounts that are no longer in use.
3 – Change the default “admin” username to something harder to guess.
4 – Enable two-factor authentication on all admin accounts.
5 – Check whether your email address appears in a breach.
6 – Check whether your password has been exposed in a breach.
7 – DO NOT USE THE SAME PASSWORD ON MULTIPLE ACCOUNTS.
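Step 6 can be done without ever sending the password anywhere. Have I Been Pwned's Pwned Passwords service accepts only the first five hex characters of the password's SHA-1 and returns every suffix it knows under that prefix together with a breach count, so the match is made locally. The script below is an added example, not code from the article or from Have I Been Pwned; the endpoint URL and the Add-Padding header follow the service's public API documentation, while the sample response body is constructed for the offline test (its first line is the real SHA-1 suffix of the string "password", the other suffixes and all the counts are made up).

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint as documented by Have I Been Pwned; only the
# first five hex characters of the SHA-1 ever leave this machine.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed stand-in for the body returned for prefix 5BAA6. Each line is
# "<35-char SHA-1 suffix>:<count>". Only the first suffix is real (it belongs
# to the string "password"); the rest and every count are made up.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
"""


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent and
    the 35-char suffix that is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    prefix, _ = sha1_prefix_suffix(password)
    return RANGE_URL.format(prefix=prefix)


def count_in_range_response(password, body):
    """Number of times the password appears in breaches according to a range
    response body; 0 if its suffix is absent. Padded entries the service may
    add carry a count of 0, so they correctly read as 'not exposed'."""
    _, suffix = sha1_prefix_suffix(password)
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix, timeout=10):
    """Live lookup (needs network). Add-Padding asks the service to pad the
    response so that its size does not reveal which prefix was queried."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def password_is_exposed(password, fetch=fetch_range):
    """Return the breach count for the password (0 = not found). `fetch` is
    injectable so the logic can be tested offline against a canned body."""
    prefix, _ = sha1_prefix_suffix(password)
    return count_in_range_response(password, fetch(prefix))


if __name__ == "__main__":
    import getpass
    pw = getpass.getpass("Password to check: ")
    n = password_is_exposed(pw)
    print("EXPOSED (%d times)" % n if n else "not found in Pwned Passwords")
```

The same range lookup can be wired into a site's own password-change or registration handler so that a user is refused a password that already appears in a leak, which covers steps 1, 6 and 7 at the point where the password is chosen rather than after the fact.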