You DID change your password after that data breach, didn’t you?
In many or most recent data breaches where authentication data gets stolen, the crooks don't end up with your actual password along with your login name.
Passwords usually are - or certainly should be! - stored in a hashed form, where the hash can be used to verify that a supplied password is correct, but can't be wrangled backwards to reveal what the password was.
As a result, most password exposures that arise from data breaches require that the crooks first crack your password by trying a long list of guesses until they find one that matches your password hash.
In other words, if a service provider notifies you that your password hash was acquired by crooks, you'll nevertheless remain safe if you change your password before the crooks get round to cracking it.
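The sequence described above, as an added example that is not part of the original article: a service stores only a salted hash, a copy of that record is guessed against offline, and the user changes the password afterwards. PBKDF2-HMAC-SHA256, the iteration count, the account name, the passwords and the guess list are all assumptions constructed for the illustration; the article does not name a hash algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch, not a recommendation from the article


def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Re-hash the supplied password with the stored salt and compare digests."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def first_match(guesses, record):
    """Try each guess against a copied record; this is all that 'cracking' a hash means."""
    return next((g for g in guesses if verify(g, record)), None)


def simulate():
    # Constructed sample data: one account with a guessable password.
    db = {"alice": hash_password("sunshine1")}
    stolen = dict(db)  # the breach: a copy of salt + hash leaves the service
    guesses = ["123456", "password", "sunshine1", "qwerty"]  # constructed guess list

    # The user changes the password after the breach notification.
    db["alice"] = hash_password("correct horse battery staple 42")

    recovered = first_match(guesses, stolen["alice"])
    return {
        # The old, weak password is still found from the stolen copy...
        "recovered_old": recovered,
        # ...but it no longer matches what the service checks at login.
        "old_still_logs_in": verify(recovered, db["alice"]),
        # The new password is not on the guess list, so the live record holds.
        "new_in_guess_list": first_match(guesses, db["alice"]) is not None,
    }


if __name__ == "__main__":
    print(simulate())
```

The recovered old password remains usable on any other site where it was reused, so those accounts need a new password as well.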
The study found that 42 of the 63 participants who were notified about a data breach didn't change any of their passwords at all.