• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » 26 Million Passwords Stolen in Massive Malware Attack

26 Million Passwords Stolen in Massive Malware Attack

2021-06-14 by Grace Choi

NordLocker Says Windows PCs Breached by Unknown Attackers

Note: We may earn a commission from products or services when you click on a link and make a purchase.

Millions of passwords have been stolen from Windows computers. From 2018 to 2020, Windows PCs have been hit with an unidentified malware attack, resulting in a breach of 1.2 terabytes (TB) of private information. According to NordLocker, the following information was found in the stolen database:

  • 26 million login credentials
  • 1.1 million email addresses
  • 2 billion browser cookies
  • 6.6 million personal files
  • 1 million images
  • 650,000 Word or PDF files

Passwords stored in text files (such as Notepad) were also found in the database

After infecting the computer, the malware also took a screenshot of the computer and took a photo using the computer’s webcam. Additional data from games, apps, messaging, and file-sharing platforms were also stolen.

READ NordVPN Review – We Tried the Desktop and Mobile App

Who is the Attacker?

While the origin of the malware is unknown, experts at NordLocker have noted that massive breaches such as this one have been used with the initial intention of stealing cryptocurrency. After fulfilling their goal, the attacker would then post the data for sale on hacker forums.

This information is most valuable to other malware groups, especially those dealing in ransomware, which has gained popularity over time. Ransomware is considered the most lucrative for the attacker, and crippling for victims, as it often encrypts a company’s data and ransom is paid in exchange for a decryption key. In the case of Colonial Pipeline, the attacker (DarkSide) encrypted the company’s data, crippling their operations. Due to the significance of the pipeline in fuel and oil supply to the northeast and southern parts of the U.S., the victim paid the ransom and was given their decryption key. However, in the case of Vastaamo, a Finnish mental healthcare network, no encryption occurred. Instead, there was a threat of the release of private patient information and psychotherapy session notes.

SEE ALSO Dark Web Breach Leaks 600K Stolen Payment Cards

How to Know if Your Passwords were Stolen

Have I Been Pwned is a free service that allows you to enter your email address or phone number into a database search that will tell you if you were the victim of a reported breach. They have just uploaded a list of affected accounts from this recent attack, so this will be the most reliable way to confirm whether or not you have been affected.

In the meantime, it is wise to take precautions to prevent future cybersecurity incidents to your personal accounts:

  • Set secure unique passwords: many sites will require that you include one uppercase letter, one lowercase letter, one number, and one symbol, if not some combination of those items. It is also wise to refrain from using any easy-to-guess words or your name in the password.
  • You can also opt to use a unique password generator, which will give you a password that is not easy to remember but is also difficult to hack. We recommend writing it down on a piece of paper rather than save it on your device, as it has been made clear that even note and document applications are not safe from online attacks.
  • Avoid using public wifi, which removes a level of defense and makes you more vulnerable to attacks.
  • Install a firewall to further secure your home network.
  • Use a Virtual Private Network (VPN) to encrypt your messages and images

SEE ALSO 13 Tips for Safe Smartphone Shopping

Filed Under: News Tagged With: Windows

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version