what we know so far and how to know if you have been attacked




A few days ago, a group of researchers from the NordLocker company claimed to have discovered a malware that had managed to steal 26 million access passwords to different user services Windows.


In the following days more information has been revealed and here you go a summary of what we know so far about this attack. And also a solution so you can check if your personal passwords have been stolen by this mysterious attack.




Recall that this revelation comes just a few days after the name RockYou2021 was known: someone published in a popular 'hackers' forum, a huge .TXT file weighing 100GB with more than 8,400 million passwords.



What this malware has managed to steal




password




The database discovered by NordLocker contains 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. This database contained 1.2 TB of information and 400 million of the stolen cookies were still valid when the database was discovered.



As Wired recalls, in some cases, victims stored passwords in text files created with the Notepad application, the Windows notepad.



The stolen data also came from messaging apps, email services and games. Data was extracted between 2018 and 2020 from more than 3 million PCs.



The information stolen also includes more than a million images and more than 650,000 Word and PDF files. In addition, the malware was found to take a screenshot after infecting the Windows-based computer and take a photo of the user using the device's webcam.



When was this attack and what is known about its origin




passwords




According to research and information published so far, data were extracted between 2018 and 2020 of more than 3 million Windows-based computers.



Screenshots taken by the malware reveal that it is was able to spread through unlicensed software like Adobe Photoshop, Windows cracking tools and unlicensed games.



What is not known (or has not been revealed at the moment) is who carried out this attack.



How to know if you have been attacked and how to stay protected




have i been pwned




The well-known service to check if your passwords are safe, Have I Been Pwned, you have updated your database ** with the new filtration, according to its founder Troy Hunt.



When using this Have i Been Pwned website, if any of your passwords appear among those that have been stolen, you should change it as soon as possible.







Phishing: what it is and different types that exist






In addition, to stay protected, NordLocker recommends using password managers to protect credentials and automatically fill in the information, since they warn that web browsers are not good at protecting sensitive data. On the other hand, remember that some cookies are valid for 90 days, and others do not expire for up to a year. "Make clearing cookies a monthly habit," they explain.



Peer-to-peer networks are often used to spread malware. Download only software from the developer's website and other known sources. Also, keep your antivirus updated so that it can warn you of attacks.