Security News > 2020 > June > You DID change your password after that data breach, didn’t you?
In many or most recent data breaches where authentication data gets stolen, the crooks don't end up with your actual password along with your login name.
Passwords usually are - or certainly should be! - stored in a hashed form, where the hash can be used to verify that a supplied password is correct, but can't be wrangled backwards to reveal what the password was.
As a result, most password exposures that arise from data breaches require that the crooks first crack your password by trying a long list of guesses until they find one that matches your password hash.
In other words, if a service provider notifies you that your password hash was acquired by crooks, you'll nevertheless remain safe if you change your password before the crooks get round to cracking it.
The study found that 42 of the 63 participants who were notified about a data breach didn't change any of their passwords at all.
News URL
Related news
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- The quiet data breach hiding in AI workflows (source)
- Hertz confirms customer info, drivers' licenses stolen in data breach (source)
- Hertz data breach: Customers in US, EU, UK, Australia and Canada affected (source)
- Landmark Admin data breach impact now reaches 1.6 million people (source)
- Entertainment services giant Legends International discloses data breach (source)
- 2025 Data Breach Investigations Report: Third-party breaches double (source)
- Yale New Haven Health data breach affects 5.5 million patients (source)
- Frederick Health data breach impacts nearly 1 million patients (source)