Jan 3, 2022
Have You Checked If Your Email Is On The Dark Web? Let's Do It Now! Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably pretty bad, but where was it stolen? When? What has been stolen? How about your password and how safe is that password? We're going to show you real hard evidence, and what you can do to fix things!
[Following is an automated transcript]
[00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important.
[00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, nothing, and you can right there find out which of your account has been compromised. And. Out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen.
[00:00:49] That's where they sell it. That's where you can buy a tool to do ransomware hacking all on your own. Far less than 50 bucks. In fact, ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and you sign up with them, you pay them a 20% or sometimes more commission.
[00:01:12] You get somebody to download in fact to themselves with the ransomware and they do everything else. They take the phone call, they find out what it is. Company is doing and they set the ransom and they provide tech support for the person that got ransomed in order to buy Bitcoin or sometimes some of these other cryptocurrencies.
[00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through. Floor because of ransomware. We're going to talk about that a little later here, but here's the bottom line. You really want to know this. You want to know if the bad guys are trading your information on the dark web, you want to know what information they have, so you can keep an eye on.
[00:02:11] Now you guys are the best and brightest, you know, you gotta be cautious or you wouldn't be listening today. And because, you know, you've been caught need to be cautious. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use, that hasn't been hacked because the fresher, the information, the more it's worth on the dark web, your identity can be bought on the dark web for.
[00:02:38] Penny's depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different website, your home address, social security number, basically the whole shooting match. They can sell your personal information for as little as. $2 on the dark web. That is really bad.
[00:03:02] That's sad. In fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours nowadays. It's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you. To call anybody that pops up on your credit report. Oh, and of course you have to get your credit report.
[00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found because of a letter that came saying, Hey, thanks for opening an account that someone had opened an account in her name.
[00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips don't carry things like your social security card in your wallet.
[00:04:17] Now you got to carry your driver's license because if you're driving, the police wanted, okay. Nowadays there's in some ways less and less of a reason to have that, but our driver's license, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about.
[00:04:41] You that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personal identifiable information. Keep it to a minimum in your wall. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web.
[00:05:13] Now this guy that put it together, his name's Troy hunt, and Troy's an Australian he's been doing this. Public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people there's billions of requests to his website about people's private information.
[00:05:42] So, how do you deal with this? What do you do? Well, the website is called, have I been poned? Have I been E and poned P w N E D. Ponying is an old term that comes from. Uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been postponed and that's what Troy kind of followed here.
[00:06:11] Have I been postponed to.com is a website that you can go to now. They have a whole bunch of other things. They have API calls. For those of you who are programmers and might want to keep an eye out for your company's record. Because it does have that ability as well. And it has a tie ins too, with some of the password managers, like one password to be able to tell is my new password, any good.
[00:06:41] And which websites have been hacked. Does that make sense? And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage, you're going to want to do. Is click on notify me. So you ensure in your email address, I'm going to do that right now, while we're talking, they've got a recapture.
[00:07:12] I'm not a robot. So go ahead and click that. And then you click on the button. Notify. a lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy. Is on the op and up, he really is trying to help.
[00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the notify me box, click on notify me of
[00:08:06] Of course you got to click the I'm not a robot. So once you've done that, It sends you a verification email. So all you have to do at that point, it's just like my website. When you sign up for my newsletter, keep an eye out for an email from Troy from have I been poned.com asking you if you signed up for his notification service?
[00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links and emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for.
[00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so. It takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails.
[00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there business, a organization, charity that is legitimate is going to send you a confirmation email.
[00:09:50] The reason is they don't want someone to who doesn't like you let's say to sign you up on a few hundred different emails site. And now all of a sudden you're getting. Well, these emails that you didn't want, I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time.
[00:10:19] So Troy is going to send you just like I do another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy looking at a site right now has information on 11 billion pond account poned accounts.
[00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from? Have I been poned? This is an important site. One of the most important sites you can visit in order to keep yourself safe.
[00:11:16] Next to mine. Right? Make sure you visit right now. Craig peterson.com/subscribe and sign up for my newsletter and expect that confirmation email to.
[00:11:29] Have you been hit by ransomware before? Well, it is a terrible thing if you have, but what's the future of ransomware? Where is it going? We've talked about the past and we'll start with that and then move into what we're expecting to come.
[00:11:46] The future of ransomware is an interesting one. And we kind of have to look at the past in ransomware.
[00:11:55] Ransomware was pretty popular in that bad guy. Just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go. After initially they were sending out ransomware to anybody's email address. They could find and hoping people would click on it.
[00:12:24] And unfortunately, many people did click. But back then the ransoms were maybe a couple hundred dollars and you paid the ransom and 50% chance you got your data back. Isn't that terrible 50% chance. So what do you do? How do you make all of this better? Make your life better? Well, ransomware really, really drove up the value of Bitcoin.
[00:12:54] Bitcoins Ascension was largely based on ransomware because the bad guys needed a way that was difficult to trace in order to get paid. They didn't want the bank to just sweep the money back out of your account. They didn't want the FBI or other agencies to know what they were doing and where they were located.
[00:13:20] So, what they did is, uh, they decided, Hey, wait a minute. Now this whole crypto game sounds interesting. And of course talking about crypto currency game, because from their viewpoint, it was anonymous. So they started demanding ransoms instead of dollars, PayPal, even gift certificates that they would receive from you.
[00:13:46] They decided we're going to use some of the cryptocurrencies. And of course the big one that they started using was Bitcoin and Bitcoin has been rather volatile. Hasn't it over the years. And its founding was ethically. Empty, basically what they did and how they did it. It's just disgusting again, how bad some people really are, but they managed to manipulate the cryptocurrency themselves.
[00:14:17] These people that were the early. There's of the cryptocurrency called Bitcoin and they manipulated it. They manipulated people into buying it and accepting it, and then they managed to drive the price up. And then the, the hackers found, oh, there's a great way to do it. We're going to use Bitcoin. And so they demanded ransoms and Bitcoin, and they found that no longer did they have to get like a hundred dollar gifts, different kid for Amazon.
[00:14:46] Now they could charge a thousand dollars, maybe even a million dollars or more, which is what we saw in 2021 and get it paid in Bitcoin. Now Bitcoin is kind of useful, kind of not useful. Most places don't take Bitcoin as payment, some have started to because they see it might be an investment in the future.
[00:15:11] I do not use Bitcoin and I don't promote it at all, but here's what we've been seeing. Uh, and this is from the chief technology officer over tripwire, his name's Dave Meltzer. What we've seen with ransom. Attacks here. And the tie to Bitcoin want to cry back in 2017 was terrible and it destroyed multiple companies.
[00:15:39] One of our clients had us protecting one of their divisions and. We were using really good software. We were keeping an eye on it. In fact, in the 30 years I've been protecting businesses from cyber intrusions. We have never, ever had a successful intrusion. That's how effectively. And I'm very, very proud of that.
[00:16:05] Very proud of that. We've we've seen ransomware attacks come and go. This wanna cry. Ransomware attack destroyed every part of the company, except for. The one division we were protecting, and this is a big company that had professional it, people who really weren't very professional. Right. And how, how do you decide, how do you figure out if someone really knows what they're talking about?
[00:16:32] If all they're doing is throwing around buzzwords, aren't, that's a huge problem for the hiring managers. But anyways, I digress because having a. Particular series of letters after your name representing tests that you might've passed doesn't mean you're actually any good at anything. That's always been one of my little pet peeves over the decades.
[00:16:55] Okay. But another shift in the targeting of ransomware now is showing a major uptick in attacks. Operational technology. Now that's a real big thing. We've had some huge hits. Uh, we think of what happened with solar winds and how it got into solar wind software, which is used to monitor computers had been.
[00:17:24] And had inserted into it. This one little nice little piece of code that let the bad guys into thousands of networks. Now we've got another operational technology hack in progress. As we speak called vog for J or log for shell. Huge right now, we're seeing 40% of corporate networks are right now being targeted by attackers who are trying to exploit this log for J.
[00:17:53] So in both cases, it's operational software. It's software businesses are using. Part of their operations. So we're, and part of that is because we're seeing this convergence of it, which is of course information technology and operational technology environment. In many times in the past, we've seen, for instance, the sales department going out and getting sales force or, or something else online or off.
[00:18:25] They're not it professionals in the sales department or the marketing department. And with all of these kids now that have grown up and are in these it departments in their thirties and think, wow, you know, I've been using technology my whole life. I understand this stuff. No, you don't. That has really hurt a lot of bigger companies.
[00:18:48] Then that's why some companies have come to me and saying, Hey, we need help. We need some real adult supervision. There's, there's so many people who don't have the decades of experience that you need in order to see the types of holes. So. We've got the it and OT kind of coming together and they've exposed a technology gap and a skills gap.
[00:19:16] The businesses are trying to solve right now in order to protect themselves. They're moving very quickly in order to try and solve it. And there they've been pretty much unable to. And w we use for our clients, some very advanced systems. Hardware software and tools, because again, it goes back to the kind of the one pane of glass.
[00:19:38] Cisco doesn't really only have one pane of glass, but that's where it goes back to. And there's a lot of potential for hackers to get into systems, but having that unified system. That Cisco offers really helps a lot. So that's kinda my, my little inside secret there, but we walk into companies that have Cisco and they're completely misusing them.
[00:20:02] In fact, one of these, uh, what do you, would you call it? Well, it's called a school administrative unit in my state and it's kind of a super school board, super school district where there's multiple school districts. Hold two. And they put out an RFP because they knew we liked Cisco and what some of the advantages were.
[00:20:22] So they put out a request for proposal for Cisco gear and lo and behold, they got Cisco gear, but they didn't get it configured properly, not even close. They would have been better off buying something cheap and being still exposed. Like, you know, uh, I'm not going to name some of this stuff you don't want to buy.
[00:20:42] Don't want to give them any, uh, any airtime as it were. But what we're finding now is law enforcement has gotten better at tracking the digital paper trail from cryptocurrencies because cryptocurrencies do have a. Paper trail and the bad guys didn't realize this. At first, they're starting to now because the secret service and the FBI have been taking down a number of these huge ransomware gangs, which is great.
[00:21:16] Thank you very much for doing that. It has been phenomenal because they've been able to stop much of the ransomware by taking down these gangs. But criminal activity that's been supported by nation states like North Korea, China, and Russia is much harder to take down. There's not much that our law enforcement can do about it.
[00:21:42] So w how does this tie into ransomware and cryptocurrency while ultimately. The ability to tr address the trail. That's left behind a ransom payment. There's been a massive shift in the focus from government trying to tackle the underlying problem of these parolees secured curdle Infor critical infrastructure sites.
[00:22:06] And that's what I did training for. The eyes infra guard program on for a couple of years, it has shifted. Now we've got executive orders. As I mentioned earlier, from various presidents to try and tighten it up and increase government regulation mandate. But the big question is, should you pay or not? And I recommend to everyone out there, including the federal government recommends this, by the way, don't pay ransoms because you're just encouraging them.
[00:22:40] Well, as fewer and fewer ransoms are paid, what's going to happen to Bitcoin. What's going to happen to cryptocurrencies while the massive rise we saw in the value of Bitcoins will deteriorate. Because we won't have businesses trying to buy Bitcoin before they're even ransomed in order to mitigate any future compromise.
[00:23:06] So I love this. I think this is great. And I think that getting more sophisticated systems like what, like my company mainstream does for businesses that I've been doing for over 30 years is going to draw. Well, some of these cryptocurrencies like Bitcoin down no longer will the cryptocurrencies be supported by criminals and ransomware.
[00:23:35] So that's my hope anyways. And that's also the hope of David Meltzer, chief technology officer over at tripwire hope you're having a great year so far. You're listening to Craig Peter sohn.com. Sign up for my. At Craig peterson.com. And hopefully I can help you have a little bit of a better year ahead.
[00:23:57] All of these data breaches that the hackers got are not graded equal. So we're going to go through a few more types of hacks, what they got. And what does it mean to you and what can you do about it?
[00:24:13] Have I been B EEN poned P w N E d.com. And this is a website that has been put together by a guy by the name of Troy hunt. He's an Australian and it goes through the details of various. So that he has found now it's not just him. There are a lot of people who are out there on the dark web, looking for hacks, and there's a few different types of hacks.
[00:24:43] And of course, a lot of different types of information that has been compromised and gathered by the bad guys. And, um, stat just out this week is talking about how businesses are so easy. To compromise. It is crazy. This was a study that was done by a company called positive technologies, and they had a look at businesses.
[00:25:11] Basically they did white hacking of those businesses and found that 93% of tested networks now. 3% of tested networks are vulnerable to breaches. Now that is incredible. And according to them in dark reading, it says the vast majority of businesses can be compromised within one month by a motivated attacker using common tech.
[00:25:42] Such as compromising credentials, exploiting, known vulnerabilities in software and web applications or taking advantage of configuration flaw. Isn't that something in 93% of cases, an external attacker could breach a target company's network and gain access to local devices and systems in 71% of cases, the attacker could affect the business in a way deemed unacceptable.
[00:26:13] For example, every. Bank tested by positive technologies could be attacked in a way, the disrupted business processes and reduced their quality of service. It's a very big deal. And much of this has to do with the fact that we're not taking cyber secure. Seriously as businesses or as government agencies.
[00:26:41] Now, the government agencies have been trying to pull up their socks. I got to give a handout to president Biden. He really started squeezing many of these federal contractors to get security in place. President Trump really pushed it even back to president Obama, who. Pushed this fairly heavily. Now we're starting to see a little bit of movement, but how about the smaller guys?
[00:27:08] How about private businesses? What are you doing? So I'm going through right now. Some of the basic things you can get from, have I been poned and what you can do with all of that data, all of that information, what does it mean to you? So I'm looking right now at my business email address, which isCraig@mainstream.net, pretty simple Craig and mainstream gotten that.
[00:27:36] And I found because this email address is about 30 years old. Yeah. I've been using it a long time, about 14 data breaches and. Paste. All right. So what does that mean? What is a paste? Well, pastes are a little bit different than a regular hack. All right. The paste is information that has been pasted to a publicly facing.
[00:28:03] Website. Now there's many of them out there. There've been a lot of breaches of Amazon site of Amazon databases, Azure, all of these types of things. But we're, we're talking about here are these websites that are designed to. People to share whatever they want. So for instance, you might have a real cool program, wants to people, those to try out to you don't have the bandwidth to send it to them.
[00:28:28] You certainly can send it via email because it's much, much, much too big. So sites like Pastebin or out there to allow you to go ahead and paste stuff in and share the link. Pretty simple, fairly straightforward. Well, these pay sites are also used by hackers to make it even easier for them to anonymously share information.
[00:28:55] And many times the first place that a breach appears is on one of these paste sites. So have I been poned searches through these different pastes that are broadcast by a Twitter account called dump Mon, which is a site where again, bad guys are putting information out about dumps had been found as well as good guys.
[00:29:20] All right. And they. Port, uh, on, in the dump mom dump MUN Twitter account. If you're interested, it's at D U M P M O N. They report emails that are potential indicator of a breach. So finding an email address in a paste. Necessarily mean it's been disclosed as a result of a breach, but you should have a look at the paste and determine whether or not your account has been legitimately compromised as part of that breach or not.
[00:29:53] All right. So in my case again, for theCraig@mainstream.net email address, it was involved. In a paste. So let me see what it says. So let me see. It shows it involved in a pace. This is pace title AA from July, 2015. So this is information from published to a publicly facing website. I don't know if I click on that.
[00:30:22] What does it do? Yeah. Okay. So it actually has a link to the paste on AEs to ban. And in this case it's gone, right? It's been deleted. It could have been deleted by the Pastebin staff. Somebody told them to take it down, whatever it is. But again, have I been poned allows you to see all of the information that has been found by the top security.
[00:30:48] Researchers in the world, including various government agencies and allows you to know what's up. So let's have a look here at passwords. So if you click passwords at the very top, this is the other tool you should be looking at. You can safely type in the passwords you use. What have I been poned does is instead of taking the passwords from these hacks in the clear and storing them, it creates a check some of the password.
[00:31:21] So if you type a password into this, I'm going to type in P a S S w Z. Oh, excuse me. Uh, oh, is that, let me use a better password. P at S S w zero RD. One of the most common passwords on the internet, common passwords ever. Okay. So it says, oh no, poned this password has been seen 73,586 times B four. Okay. It says it, the passwords previously.
[00:31:53] Appeared in a data breach and should never be used if you've ever used it anywhere before change it. You see, that's why you need to check your passwords here. Are they even safe to use because what the bad guys have done in order to counter us using. Longer passwords. Cause it's not the complexity of the password that matters so much.
[00:32:16] It's the length of the password. So they don't have enough CPU resources in order to try every possible password from eight characters through 20 characters long, they could never do that. Would take forever or going to try and hack in. So what they do is they use the database of stolen passwords in order to try and get in to your account.
[00:32:42] Hey, I'm going to try and summarize all of this in the newsletter. So keep your eye. For that. And again, the only way you're going to find that out and get my summary today, including the links to all of this stuff is by being on my email list. Craig Peterson.com/subscribe. That's Craig Peterson, S O n.com/subscribe, stick around.
[00:33:09] Did you know, there is a site you can check your password against to see if other people have used it. And if that password has been stolen, it's a really great site called have I been postponed? And we're going to talk about it more right now.
[00:33:26] You know, I've been doing cyber security pretty much as a primary job function here in my career for about, let me see.
[00:33:37] Not since 92. So my goodness, uh, yeah, an anniversary this year. Okay. 30 years. So you're listening to a lot of experience here as I have. Protect some of the biggest companies in the world, the department of defense, defense, and military contractors all the way down through our local dentist's office. So over 5,000 companies over the years, and I helped perform what are called virtual CIS services.
[00:34:11] Which are services to help companies make sure that they have their security all lined up. And we also have kind of a hacker audit whether or not you are vulnerable as a business to being hacked. So we'll go in, we'll look at your systems. We can even do a little bit of white hat hacking in order to let you know what information is out there available about your company.
[00:34:39] And that's really where. Have I been poned comes in. It's a very simple tool to use and it gives you some great information, some really good information about what it is that you should be doing. What is that? I had a meeting with the FBI, one of my client's sites, because they had been hacked and my client said, yeah, go ahead and bring them in.
[00:35:03] And it turned out to be the worst infection that the Boston office of the FBI has ever seen. There were active Chinese backdoors in there stealing their information. Their plans are designed everything from them. Right there. Right. And, oh, it was just incredible to see this thing that it all started because they said they had an email problem.
[00:35:30] We started looking at more closely and we found him indications of compromise, et cetera. So it gets bad. I've been doing this for a long time. But one of the things that you can do, cause I understand not everybody can do what we do. There are some very complicated tools we use and methods, methodologies, but this is something anyone can do.
[00:35:53] Again, this site's called, have I been poned.com? You don't have to be a white hat hacker to use this. This is not a tool for the black hats, for another words, for the bad guys, for the hackers out there. This is a tool for you, whether you're a business person or a home user. And we talked about how you can sign up there to get a notification.
[00:36:18] If your account has been hacked. So I'm going to the site right now. Have I been poned, which is spelled P w N E D. Have I being B E N poned P w N E d.com. And I'm going to type in firstname.lastname@example.org, which is my main email address for the radio show and others. So good news. It says. Postage found. In other words, this particular email address has not been found in any of the hacks on the dark web that Troy has access to.
[00:36:56] Now, remember, Troy does not know about every hack that's occurred. He does not know about every data breach that has occurred, but he knows about a whole lot of them. And I mean, a lot. If you look on his site right there in the homepage, you'll see the largest breaches that he knows about drug. For instance, 510 million Facebook accounts that were hacked.
[00:37:24] He has the most recently added breaches. We just got an addition from the United Kingdom, from their police service over there. Some of the more recent ones include Gravatar accounts. Gravatar you might have a, it's a very common, in fact, 114 million Gravatar accounts information were compromised. So me at Craig Peterson is safe.
[00:37:52] Well, let me check. My mainstream email address now, mainstream.net is the website that I've been using for about 30 years now online. And this is the company that I own that is looking at how do we protect businesses? No. And we're a small company, basically a family operation, and we use a lot of different people to help out with specific specialties.
[00:38:21] But let me seeCraig@mainstream.net, this one's guaranteed to be poned all right, because again, that email addressCraig@mainstream.net is close to 30 years old. Uh, okay. So here we go. 14 data breaches. It says my business email address has been involved. Eight tracks back in 2017 and it says compromised data was emails and passwords.
[00:38:48] The Apollo breach in July of 2018. This was a sales engagement startup email address, employer, geographic location, job, title, name, phone number salutation, social media profiles. Now you see this information that they got about me from this Apollo breach. Is the type of information that they need in order to fish you now, we're talking about phishing, P H I S H I N G.
[00:39:17] And the whole idea behind fishing is they trick you into doing something that you probably. Should not do. And boy, do they trick you into it? Okay. So the data left, exposed by a Paulo was used in their revenue acceleration platform and it's data that they had gathered. That's fishing stuff. So for instance, I know my company name, they know where it's located.
[00:39:44] They know what my job title is, uh, phone numbers, uh, how to address me, right. Not my pronouns, but salutations, uh, and social media profile information interest in it. So think about all of that and how they could try and trick me into doing something that really is against my best judgment. My better interest makes sense.
[00:40:09] Co this big collection collection. Number one in January, 2019, they found this massive collection of, of a credential stuffing lists. So that's combinations of email addresses and passwords. It's the, uh, 773 million record collection. So what password stuffing is, is where they have your username. They have your passwords that are used on multiple accounts.
[00:40:40] Now, usually the username is your email address and that's a problem. And it really bothers me when websites require your email address for you to log in, as opposed to just some name that you make up. And I make up a lot of really cool names based on random words. Plus I have 5,000 identities that are completely fabricated that I use on various social media sites or other sites where I don't care if they have my right information.
[00:41:14] Now, obviously the bank's gonna need your information. You can't give it to the, you know, the fake stuff to law enforcement. Too anyways, but that's what credential stuffing is. They will use the email address that you have, that they found online in one of these massive dumps, or maybe one of the smaller ones are long with the passwords.
[00:41:39] They found that you use on those websites and they will stuff them and other. They'll use them on a website. They will continually go ahead and just try different username, different password combinations until they get in. Now, that is a very, very big problem called credential stuffing. And that's why you want to make sure that you change your password when a breach occurs.
[00:42:10] And it isn't a bad idea to change it every six months or so. We'll talk more about this when we get back, but I want you to make sure you go right now because we've got bootcamps and other things starting up with just probably mid to late January. And you only find out about email@example.com.
[00:42:32] Make sure you subscribed. .