Data Breach – Introduction

I previously wrote an introductory article on cybersecurity; this is the second part.

First, you must monitor your email address. For this I use the best website, Have I Been Pwned: thanks to this site you can see whether your account appears in a public data breach. For example:

In this screenshot we can see that the address appears on 5 breached sites.

In this screenshot we can see that the account appears in 5 data breaches; if we scroll down the page we can see which sites are concerned.

Now you must change your password, and I hope your password was not reused on another site. Also please, please, please don’t use a password that is in the top 100 most common passwords.
Don’t know what the top 100 most common passwords are? Go to this site and you will have the list.

Don’t be afraid, nobody can learn your password, at least on this site. There are a lot of sites that let someone download the password for a specific account; I think you already know leakedsources?

With this site you can pay to learn someone’s password. But be warned: it’s illegal, and this domain has already been seized in the past by the FBI.

A sample of the page we get when we visit a seized domain

Once a password has been leaked, a few people will try the email and the associated password on different services like Gmail, PayPal, Epic Games, Deezer, Spotify, NordVPN, etc. If it matches, your account can be sold on different websites or services, such as a Telegram group, for example:

Example of a sample

In this screenshot you can see a sample of accounts sold on a dedicated website. I will write a new article on this type of site. The price is low, very low, but the danger is very high: for example, this list costs on average $15, but we can also find lists of valid logins for different services.

A couple of valid logins for the NordVPN service

Now you may ask yourself how data breaches come to exist. The answer is simple: because the fucking developers don’t care about cybersecurity. Well, I said developers… I mean bosses: a lot of bosses just want to produce and don’t care about cybersecurity, except when they get hacked… Want an example? No problem, I can give you a recent one:

I insulted the developer, but in this case it’s not really the developer, it’s just the sysadmin, no? But it doesn’t matter, the damage is done…

I want you to understand: don’t use the same password on different websites… You use many keys, for your house, your car, your locker, yet you accept having one password on multiple sites? It does not make sense. You can and you must use different passwords. I read an article showing how difficult a password is to crack as a function of its complexity; I promise I will find this article again in order to give you the link.

What should you do to improve your security?

  • Don’t use the same password on different websites
  • Don’t use a weak password like: admin, password
  • Don’t use a password built from personal information: name+birthday, son’s name
  • Use a password manager like KeePass, Enpass or LastPass, but be warned: if someone can steal your database and crack your password, they will have access to every password stored inside.
  • Change your password regularly, at least once a year
  • If possible, use OTP to improve your security
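
The first three rules of this list can be checked automatically. The script below is an added example, not code from the original article: it audits a list of (site, password) pairs for reuse, common passwords and embedded personal information. The function name `audit_vault`, the short common-password excerpt and the sample vault are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed excerpt; in practice load a published most-common-passwords list.
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty", "111111", "letmein"}

def audit_vault(entries, personal_tokens, common=COMMON_PASSWORDS):
    """Return {site: sorted list of findings} for (site, password) pairs.

    Findings: 'common', 'personal-info', 'reused:<other sites>'.
    personal_tokens are strings such as names or birth years (assumed input).
    """
    key = secrets.token_bytes(32)  # per-run key: digests are useless outside this run
    by_digest = defaultdict(list)
    findings = defaultdict(set)

    for site, password in entries:
        lowered = password.lower()
        if lowered in common:
            findings[site].add("common")
        # Flag any personal token of 3+ characters embedded in the password.
        if any(len(t) >= 3 and t.lower() in lowered for t in personal_tokens):
            findings[site].add("personal-info")
        # Group by keyed digest so plaintext never becomes a dictionary key.
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_digest[digest].append(site)

    for sites in by_digest.values():
        if len(sites) > 1:
            for site in sites:
                others = ",".join(sorted(s for s in sites if s != site))
                findings[site].add("reused:" + others)

    return {site: sorted(f) for site, f in findings.items()}

# Constructed sample vault and personal details.
SAMPLE_VAULT = [
    ("mail.example", "Martin1984!"),
    ("shop.example", "Martin1984!"),
    ("forum.example", "password"),
    ("bank.example", "v9#Lq2$wTz7!pR4x"),
]
SAMPLE_PERSONAL = ["Martin", "1984"]

if __name__ == "__main__":
    for site, issues in sorted(audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items()):
        print(site, issues)
```

Sites with no findings are left out of the result, so an empty dictionary means every entry passed all three checks.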

That’s all for the moment. I hope you liked this article; if you have any questions, don’t hesitate to add a comment and I’ll answer with pleasure…
