
Hacked!

  • Dec 2, 2025
  • 4 min read
A massive exposure of 2 billion emails and 1.3 billion passwords put many accounts at risk

A recent Fox News story reported that threat intelligence firm Synthient searched both the internet and the dark web for leaked credentials and found that a staggering 1.3 BILLION passwords and over 2 BILLION unique email addresses with stolen login information had surfaced. Leaked credentials and credential stuffing lists come from previous data breaches and are compiled into large databases.


How this works - If you have a password that was identified in a previous hacking attempt, there's a good chance you've used that same password for another account, email or website that was NOT part of the initial hack. Hackers will try this password on other accounts belonging to you and gain access without needing to crack any passwords. Cybercriminals share or sell these credential lists with other hackers, usually on the dark web.


How do I know if a password of mine was stolen or part of a hack list? - To check your email, go to a website called Have I Been Pwned ("Check if your email address has been exposed in a data breach"). Once there, simply put in your email address and within seconds you will be presented with a list of data breaches where your information was hacked in previous hacking incidents, when it was hacked and what information may have been shared with hackers, including but not limited to:


  • Email Address

  • Gender

  • Geographic locations

  • IP addresses

  • Names

  • Passwords

  • Phone Numbers

  • Usernames

  • Social Media Profiles

  • Physical Addresses


What do I do once I identify a vulnerable account of mine? - There are several strategies to combat leaked credentials:


  • Change any exposed passwords IMMEDIATELY on every site where you've used this password.

  • Create a new login that's strong, unique and not similar to the old, hacked password.

  • Use a strong password manager - Password managers create strong passwords for each site you need to log into. Some work differently than others, but many will simply store your login and password information locally. When you go to an identified website on your personal secure computer, the manager will ask you to verify yourself with either a PIN or two-factor authentication and then log you in automatically using the stored credentials. Some recommendations include:


  • Nordpass https://nordpass.com

  • 1Password https://1password.com

  • Keeper https://www.keepersecurity.com

  • Lastpass https://lastpass.com

  • Proton Pass https://proton.me/pass

  • Norton https://us.norton.com

  • Aura

  • Roboform https://www.roboform.com/


  • Turn on two-factor authentication - Two-factor authentication adds a second step to log in to a site. This could be a code sent to your cell phone that you then enter on the website, a code from an authentication app, or a physical security key.

  • Protect your devices (computer, cell, etc.) from malware and viruses by installing strong antivirus software.

  • Use passkeys if possible - passkeys rely on public-key cryptography, which uses a public AND a private key. The public key goes to the website, and the private key stays on your device (like your cell phone). With a private key, your device becomes the password authentication - the key can't be taken in a hack of the website, because it sits on your device and not on the website, which blocks phishing and password theft. It sounds complicated, but in reality, it makes sign-ins faster and easier. Like two-factor authentication, a passkey adds a layer of protection to logins.

  • Keep your software updated - updates patch security gaps that criminals try to exploit. When a software company identifies a weakness in their software, they update it to "fix" the issue.

  • Use a data removal service. Leaked passwords often come from old profiles on sites you've long forgotten about and no longer use. A data removal service will scan the web looking for your username, email address or other identifying factors and eliminate these old accounts for you. These services aren't inexpensive, but neither is your information floating around on the Internet.
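
The passkey sign-in described in the list above, as an added sketch that is not part of the original post and is much simpler than the real WebAuthn standard; the site names and function names are made up for illustration. It shows the website keeping only the public key, and the sign-in failing on a look-alike address or when an old response is reused.

```javascript
const crypto = require('crypto');

// Device side: create a key pair for one website. The private key stays here.
function createPasskey(site) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { site, publicKey, privateKey };
}

// Device side: sign the website's one-time challenge together with the
// address the browser is really on. No passkey for that address, no signature.
function deviceSign(passkey, challenge, browserOrigin) {
  if (browserOrigin !== passkey.site) return null;
  const msg = Buffer.from(JSON.stringify({ challenge, origin: browserOrigin }));
  return { challenge, origin: browserOrigin,
    signature: crypto.sign(null, msg, passkey.privateKey) };
}

// Website side: it holds only the public key, which can check a signature
// but cannot create one.
function serverVerify(publicKey, expectedOrigin, issuedChallenge, response) {
  if (!response) return false;
  if (response.origin !== expectedOrigin) return false;
  if (response.challenge !== issuedChallenge) return false;
  const msg = Buffer.from(JSON.stringify(
    { challenge: response.challenge, origin: response.origin }));
  return crypto.verify(null, msg, publicKey, response.signature);
}

function demo() {
  const site = 'https://bank.example';             // constructed name
  const lookalike = 'https://bank-login.example';  // constructed name
  const passkey = createPasskey(site);
  const stored = passkey.publicKey;                // all the website keeps
  const c1 = crypto.randomBytes(16).toString('hex');
  const c2 = crypto.randomBytes(16).toString('hex');
  const signedC1 = deviceSign(passkey, c1, site);
  return {
    good: serverVerify(stored, site, c1, signedC1),
    phished: serverVerify(stored, site, c1, deviceSign(passkey, c1, lookalike)),
    replayed: serverVerify(stored, site, c2, signedC1),
    relabeled: serverVerify(stored, site, c2, { ...signedC1, challenge: c2 }),
  };
}

console.log(demo());
```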


You may be interested to know what Americans' most-used passwords in 2025 were. According to NordPass, the top 20 most common passwords people employ in the USA this year are:


  • admin

  • password

  • 123456

  • 12345678

  • 123456789

  • 12345

  • Password

  • 12345678910

  • Gmail.12345

  • Password1

  • Aa123456

  • f*********t

  • 1234567890

  • abc123

  • Welcome1

  • Password1!

  • password1

  • 1234567

  • 111111

  • 123123
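
A small checker for the two pieces of advice above (avoid the common passwords in this list, and don't pick something similar to the old, hacked password), added here as an example and not taken from NordPass or any password manager. The clean-up rules and the "3 edits or fewer" similarity threshold are assumptions chosen for illustration, and the sample passwords are constructed.

```javascript
// Passwords as listed in the post (the censored entry is left out).
const COMMON = ['admin', 'password', '123456', '12345678', '123456789', '12345',
  'Password', '12345678910', 'Gmail.12345', 'Password1', 'Aa123456', '1234567890',
  'abc123', 'Welcome1', 'Password1!', 'password1', '1234567', '111111', '123123'];

// Assumed clean-up: drop trailing digits/symbols, lowercase, undo simple
// character swaps, so "P@ssw0rd2025!" reduces to "password".
const SWAPS = { '@': 'a', '0': 'o', '3': 'e', '$': 's' };
function baseForm(pw) {
  const stripped = pw.replace(/[^A-Za-z]+$/, '');
  if (stripped === '') return pw; // all digits/symbols: compare as-is
  return stripped.toLowerCase().replace(/[@03$]/g, (c) => SWAPS[c]);
}
const COMMON_BASES = new Set(COMMON.map(baseForm));

// Levenshtein distance: how many single-character edits turn a into b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns a list of problems; an empty list means neither check fired.
function checkNewPassword(newPw, oldPw) {
  const problems = [];
  if (COMMON_BASES.has(baseForm(newPw))) {
    problems.push('variant of a top-20 password');
  }
  if (baseForm(newPw) === baseForm(oldPw) ||
      editDistance(newPw.toLowerCase(), oldPw.toLowerCase()) <= 3) {
    problems.push('too similar to the exposed password');
  }
  return problems;
}

for (const pw of ['P@ssw0rd2025!', 'Summer2020!', 'violet-tractor-mango-91']) {
  console.log(pw, checkNewPassword(pw, 'Summer2019'));
}
```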


If you've gotten this far in the post and your head is spinning, you're in good company. If you're not tech savvy, I'm sure you have a friend or a friend's kid who will be happy to help you get set up and make your information more secure.


The above tips and information are just several steps to help secure your most valuable information from online hackers and cybercriminals. If you do NOTHING else, at minimum, ensure you use unique STRONG passwords for each of your accounts and check your email address on the Have I Been Pwned website - it's a rude awakening and may identify accounts you thought were long removed or deleted.


And while each of the above password managers offers a paid solution, many have free basic offerings that you may want to try. Check out their websites for more information.


Research for this story came from various websites including www.foxnews.com, cyberguy.com, https://us.cybernews.com/lp/best-password-managers-us/.





1 Comment

tags318
Dec 02, 2025
Rated 4 out of 5 stars.

Although most of us aren't "targeted", thieves don't discriminate and certain sites are sketchy. I find many telecom companies are major contributors to breaches. Good read.
