| 29 February 2024, Thursday |

Hackers stole 26 million user login credentials between 2018 and 2020, study shows

The NordLocker malware study showed that hackers spoiled about 26 million user login credentials for almost a million websites through custom malware between 2018 and 2020.

The Trojan-type malware that was transmitted through email and illegally downloaded software infiltrated more than 3 million Windows-based computers and stole 1.2 terabytes of personal information, according to .

The illegally downloaded software used to spread the malware included Adobe Photoshop 2018, a Windows cracking tool and several cracked games, the company said. The malware operator “stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files”, NordLocker said.

Malware refers to malicious program that can be attached to an email or installed with illegal software. There are different types of malware: viruses that harm the target device, ransomware that encrypts it to extort the owner and backdoors that create a way for hackers to access a device at any time.

Cyber attacks have grown across the world in the last 12 months, as more people work remotely and shop online amid the pandemic.

Identities stolen from UAE consumers are among the most expensive for sale by criminals on the dark web, according to UK-based Comparitech. Stolen records of UAE residents fetch an average of $25 each.

The custom malware uncovered by NordLocker secured login credentials such as emails, usernames and passwords from social media platforms like Facebook (1.47 million credentials stolen), Twitter (261,773) and Instagram (153,754), online gaming websites, online marketplaces like Amazon (209,534) and eBay (132,935), job search websites like Indeed and Upwork, and consumer electronics websites such as Apple, Sony and Samsung, the study found.

Hackers also stole user credentials from file storage and sharing websites such as Dropbox, streaming services such as Netflix and Spotify, financial platforms like PayPal and CoinBase, and email services companies such as Google (1.54 million), Outlook (403,580) and Yahoo (224,961), according to the research.

Other miscellaneous websites such as Uber, Adobe, Autodesk, Skype and WordPress were also targeted by hackers, it was found.

  • The National News