Hackers stole 26 million user login credentials between 2018 and 2020, new study shows

Hackers stole about 26 million user login credentials for almost a million websites through custom malware between 2018 and 2020, according to a fresh study.

The Trojan-type malware that was transmitted through email and illegally downloaded software infiltrated more than 3 million Windows-based computers and stole 1.2 terabytes of personal information, according to the NordLocker malware study.

The illegally downloaded software used to spread the malware included Adobe Photoshop 2018, a Windows cracking tool and many cracked games, the company said. The malware operator “stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files”, NordLocker said.

Malware refers to malicious programme which can be attached to a contact or installed with against the law software. There are several types of malware: viruses that harm the target device, ransomware that encrypts it to extort the dog owner and backdoors that create a way for hackers to access a device anytime.

Cyber attacks have grown across the world within the last 12 months, as more persons work remotely and shop online amid the pandemic.

Identities stolen from UAE individuals are among the most expensive for sale by criminals on the dark web, according to UK-based Comparitech. Stolen records of UAE residents fetch an average of $25 each.

The custom malware uncovered by NordLocker secured login credentials such as for example emails, usernames and passwords from social media platforms like Facebook (1.47 million credentials stolen), Twitter (261,773) and Instagram (153,754), online gaming websites, online marketplaces like Amazon (209,534) and eBay (132,935), job search websites like Indeed and Upwork, and gadgets websites such as for example Apple, Sony and Samsung, the analysis found.

Hackers also stole user credentials from file storage and sharing websites such as for example Dropbox, streaming services such as for example Netflix and Spotify, financial platforms like PayPal and CoinBase, and email services companies such as for example Google (1.54 million), Outlook (403,580) and Yahoo (224,961), based on the research.

Other miscellaneous websites such as for example Uber, Adobe, Autodesk, Skype and WordPress were also targeted by code hackers, it was found.

“Nameless, or custom, Trojans like this are widely available online for less than $100,” NordLocker said.

This malware targeted files that users were storing on their desktops and in download folders. In total, more than 6 million files were stolen, the research found.

More than 50 per cent of the stolen files were text files. The malware stole a lot more than 1 million images, too. The stolen documents database also contained a lot more than 650,000 Word documents and .pdf files, NordLocker said.

The analysis revealed that the malware made a screenshot after it infected the computer and in addition took an image using the device’s webcam.

It was also found that from the total 2 billion stolen cookies, around 22 % were still valid on your day of the discovery.

“Cookies help hackers construct a precise picture of the habits and interests of their target. In some instances, cookies can even give usage of the person’s online accounts,” the analysis said.

Some ways to protect user data from malware include installing antivirus software, practising cyber hygiene, using strong passwords, downloading software from trusted sources, blocking third-party cookies, regularly cleaning cookies and using multi-factor authentication, the NordLocker study said.