But where do the hackers get the passwords and email addresses from in the first place? You may have noticed that over the past few years there has been a persistent surge in database hacks, with attackers often making off with millions of passwords and email addresses. These mega-breaches happen with predictable frequency.
1) This information can be bought quickly and cheaply from dark web sellers, or even downloaded for free in some cases.
2) From a buyer’s perspective, the ‘fresher’ the data the better, because fresher data gives credential stuffing attacks a greater chance of working.
3) Because many people use the same password across different online services, an attacker can potentially access lots of services with the same password and email address.
WHAT CAN I DO TO PROTECT MYSELF?
The simplest and most effective step you can take is to enable 2FA. This means an account can’t be accessed without entering a second identifier beyond a password.
It’s usually a four- or six-digit number that is sent to your mobile phone after you have entered your password.
To see if the online services you use, such as email, e-commerce and retailers, offer 2FA, check the security settings on your accounts.