Weekly Threat Report - 20th December 2019
Google lets users know if their password has been hacked
Google will now automatically alert people if they are using a password that has been compromised by hackers or leaked as part of a data breach.
The new feature, which is included in the latest update to the Chrome web browser, is built into Google’s existing password manager. It scans passwords entered against a database of known stolen passwords which have been leaked online. The feature has also been engineered so that user's usernames and passwords are shared with Google in an encrypted form making it impossible for them, or anyone else, to work out what they were. Reusing the same password across different accounts can be dangerous. Password managers help users to securely store their passwords, which means that you don’t have to remember them all. The NCSC has published advice which outlines the benefits of using a Password Manager and how to protect it.
Earlier this year, the NCSC and Department for Digital, Culture, Media and Sport (DCMS) revealed the most commonly re-occurring passwords that have been compromised in global cyber breaches.
More than a million web browsing records leaked
A South African I.T company has leaked an 890GB database containing over one million sensitive web browsing records.
Conor Solutions, a mobile technology specialist with a range of big-name telecommunications and ISP clients, left an Elasticsearch database online without any password protection. This breached database held information related to web-filtering products made by the company, and revealed client user activity logs that included website URLs and IP addresses.
The leaked details also included user attempts to access social media accounts, online storage, messaging apps such as WhatsApp, and adult websites.
Large stores of data are a tempting target for attackers. The NCSC has published advice to businesses on how to adequately protect such information and how to protect against the phishing threat following data breaches.
Anyone concerned about the security of their online accounts should follow the guidance in ‘top tips for staying secure online’.