Earlier in January, it was warned about the "greatest passordlekkasjen in the internet's history". The leak included a 87 GB large database with e-mail addresses and their passwords.
Dagbladet, studies show that this estimate is only one-tenth of the total database. Open on the web, we found a total of seven collections with leaks that includes a database of 847 GB.
It is about several ancient passordlekkasjer, of which the oldest are up to several years old. And worse;
In the database, found the Newspaper at least 1.5 million Norwegian e-mail addresses and their passwords.Password to 773 million. e-mail addresses leaked, the Number tripled
Also in October, a similar leak widely reported in Norwegian media. Then wrote Aftenposten that the password that is been used by prime minister Erna Solberg, digitaliseringsminister Nikolai Astrup, Telenor ceo Sigve Brekke, DnB ceo Rune Bjerke, lying open on the web.
It was a reminder that the password can get on the way. Fortunately this was not a password I had used for many years. It is important to change your passwords frequently, said Astrup to the Newspaper shortly after he Tuesday was Norway's first digitalminister .
The time showed Dagbladet surveys that 573 000 Norwegian e-mail addresses were affected. Dagbladet investigations of the recently released database shows that 1.5 million. Norwegian e-mail addresses are affected.
director of information in the National sikkerhetsmyndighet (NSM), Trond Øvstedal, confirming that they are aware of the previous passordlekkasjene.
We are familiar with these dumpene, and see that there certainly is reason to follow the recommendations we have given previously, " says Øvstedal Dagbladet, and refers to the NSMs passordanbefalinger.Unknown
There are probably far more Norwegian e-mail addresses that have been affected, because many norwegians also have accounts on domains that gmail.com, msn.com and hotmail.com.
- There are enough horrible big unknown, " says security expert and researcher at NTNU and SINTEF, Maria Bartnes, to Dagbladet.
the Database contains among other things, 3322 e-mail addresses associated with the domain to the university of Oslo, 282 affiliated with the police, five associated with the PST, over 100 affiliated in the Parliament and at least 437 that are associated with the domains of the various ministries.
we Have seen a similar collection in the past?
" No, not that has been leaked publicly so that everyone can play around with it. It is probably the first of that size, " says security expert Per Thorsheim to the Newspaper.the Password to a number of staff at the Castle are searchable on the web - Has lost the value
Thorsheim points out that there are undergrunnsforum where one can find many minor leaks, which, together, can be bigger than the Newspaper has gotten hold of.
- you Know what you're looking for, you can find both newer and more dangerous leaks.
- This collection lost its value, in that it was published. You can no longer sell it, and therefore it is given out so that others can play around with it, " says Thorsheim.
Sikkerhetseksperten estimates that two-third of the 1.5 million. leaked e-mail addresses can be from a completely trifling services which the norwegians do not take advantage of the longer, or does not pose any danger. He estimates also that there are more than 100 000 combinations of e-mail addresses and passwords that work today.
- But the same time, we know that very many people use the same passwords on other services too, " he says.identity Theft
If someone is sitting on your e-mail address and password, you can utmost consequence be the victim of identity theft, according to Maria Bartnes.
- If an attacker is sitting on your password, he or she can instantly take control over all other accounts. The consequence can be that some can use the money in your name by ordering goods or services, " says Bartnes to the Newspaper.
With control over the e-mail account, an attacker could simply click on the "forgot password"button on all the other services that are associated with your account - and on the way take possession of them also.
- It puts the owner of the e-mail account in an extremely difficult situation, for it is very difficult to prove that the person is who he says he is.The biggest password leak for now: Check if you are affected dinside Experts 'top tips
- If you can find your own e-mail address in the database, you should immediately change the password on all services where you have used it," says Bartnes.
Her best tips to avoid getting hacked, is to use their own password for the main services, f.ex. e-mail account and the login prompt on your work site.
The other Bartnes recommend is to use long passwords.
- A good password is long, and can often be a sentence. "Jegluftethundenigår" for example, is better than a short password with combinations of numbers and uppercase and lowercase letters.
Both Bartnes and Thorsheim also recommend to make use of tofaktorautentisering - also called totrinnsbekreftelse - if the service allows it.
Good security is not only the responsibility of the user, believe Bartnes.
A good piece of advice to businesses is to make sure to handle and store the password in a satisfactory manner. Although it is not the majority anymore, there are many businesses that provides the password in plain text if you press on the "forgot password"button.Warns celebrities: how To protect yourself against passordtyveri Dagbladet Plus