NordLocker Says Windows PCs Breached by Unknown Attackers
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Millions of passwords have been stolen from Windows computers. From 2018 to 2020, Windows PCs have been hit with an unidentified malware attack, resulting in a breach of 1.2 terabytes (TB) of private information. According to NordLocker, the following information was found in the stolen database:
- 26 million login credentials
- 1.1 million email addresses
- 2 billion browser cookies
- 6.6 million personal files
- 1 million images
- 650,000 Word or PDF files
Passwords stored in text files (such as Notepad) were also found in the database
After infecting the computer, the malware also took a screenshot of the computer and took a photo using the computer’s webcam. Additional data from games, apps, messaging, and file-sharing platforms were also stolen.
Who is the Attacker?
While the origin of the malware is unknown, experts at NordLocker have noted that massive breaches such as this one have been used with the initial intention of stealing cryptocurrency. After fulfilling their goal, the attacker would then post the data for sale on hacker forums.
This information is most valuable to other malware groups, especially those dealing in ransomware, which has gained popularity over time. Ransomware is considered the most lucrative for the attacker, and crippling for victims, as it often encrypts a company’s data and ransom is paid in exchange for a decryption key. In the case of Colonial Pipeline, the attacker (DarkSide) encrypted the company’s data, crippling their operations. Due to the significance of the pipeline in fuel and oil supply to the northeast and southern parts of the U.S., the victim paid the ransom and was given their decryption key. However, in the case of Vastaamo, a Finnish mental healthcare network, no encryption occurred. Instead, there was a threat of the release of private patient information and psychotherapy session notes.
How to Know if Your Passwords were Stolen
Have I Been Pwned is a free service that allows you to enter your email address or phone number into a database search that will tell you if you were the victim of a reported breach. They have just uploaded a list of affected accounts from this recent attack, so this will be the most reliable way to confirm whether or not you have been affected.
In the meantime, it is wise to take precautions to prevent future cybersecurity incidents to your personal accounts:
- Set secure unique passwords: many sites will require that you include one uppercase letter, one lowercase letter, one number, and one symbol, if not some combination of those items. It is also wise to refrain from using any easy-to-guess words or your name in the password.
- You can also opt to use a unique password generator, which will give you a password that is not easy to remember but is also difficult to hack. We recommend writing it down on a piece of paper rather than save it on your device, as it has been made clear that even note and document applications are not safe from online attacks.
- Avoid using public wifi, which removes a level of defense and makes you more vulnerable to attacks.
- Install a firewall to further secure your home network.
- Use a Virtual Private Network (VPN) to encrypt your messages and images
SEE ALSO 13 Tips for Safe Smartphone Shopping