
31/01/3019


Attacks such as Collection #1, which recently leaked nearly 800 million emails and passwords on the internet, are expected to continue. The warning comes from Cyxtera, a company specializing in the detection and prevention of electronic fraud on devices, channels and cloud services.
 
The breach, considered one of the largest in history involving such leaks, contains more than 12,000 files, with 87 gigabytes of data, posted on a hacker forum.
 
The list is designed for use in credential stuffing attacks, in which cybercriminals enter email and password combinations into a website or service. People who reuse the same passwords across multiple sites are the most frequent victims of these attacks. “Users who use the same passwords across multiple domains should assume that they can be made publicly available to hackers,” says Ian Breeze, Director of Product Development at Cyxtera.
 
For the executive, this incident only confirms that other methods are needed to ensure account security. The company listed five recommendations for consumers and institutions to protect against compromised passwords.
 
1. Using a different password for each site keeps a compromise on one web platform from carrying over to another. Changing passwords over time is also worthwhile;
 
2. More complex passwords for more relevant accounts (such as social networks, emails and internet banking) should be considered;
 
3. A password manager makes passwords easier to manage and encourages users to choose complex ones without fear of forgetting them later;
 
4. Multiple layers of on-premises security such as two-factor and push authentication help prevent stolen passwords from being used on other platforms;
 
5. If there is evidence of compromise, the account must be deactivated. This is especially important if the user is the victim of a brute force or credential stuffing attack.

 
