Data theft / Uncategorized

One cracked, one hacked forever. Password stolen – and now?

One cracked, one hacked forever. Password stolen – and now?

Was my password stolen? Do you use easy-to-remember passwords? Do you use the same password for different portals? Answers to these questions are essential for the security of your digital identity.

We therefore recommend that you regularly check whether your data has been stolen and act accordingly.

Password stolen, individualized password lists, large data leaks.

A password list is a large text file containing many passwords used by unknown users on the Internet. Not only passwords, but also e-mail addresses are interesting for hackers, so that a personalized contact can be established.

At the beginning of the year, one of the largest records of passwords and e-mail addresses to date leaked out. These are approximately 773 million e-mail addresses and 21 million passwords. An extensive treasure.

With the help of such lists or data, hackers try to gain access to other people’s accounts. The greatest risk as a user is to use the same password for several portals. As soon as only one of these portals is hacked, your password will be on the list. This clears the way for numerous identity and fraud scams.

One cracked, hacked forever. A password stolen – and the digital identity also?

The password list is clearly too big to try it out completely. In order for a hacker to be able to crack the password in time, it is advisable to adjust the list.

Different approaches, partly from the social engineering field, are used for this. Assumptions that a Schalke04 fan will most likely not use Dortmund123 as his password support the attacker in sorting & filtering the list. A hacker tries to get to know his victim.

When the list is adjusted, he tries each of the remaining passwords with possible email addresses. So if your password has already been published and has an indirect connection to you personally, this password is most likely on the attacker’s list.

How can I protect myself?

Basically, we recommend using different passwords for each portal. Otherwise, there is an increased risk that your password will be stolen from a platform and published in this way. It is also advisable not to include any personal reference in the passwords. Therefore, you should refrain from using memory aids such as the child’s or friend’s name.

Long passwords, a separate password for each service and all this without memory aids – not an easy task to protect your own digital identity. If you now want to keep track of which websites you have registered on and which accesses could possibly be deleted, we warmly recommend a password manager. Whether this is off- or online, everyone has to decide for themselves. Known providers are among others:

Must I change all my passwords now?

No, just because a large record of passwords was published doesn’t mean your password was there, does it? To answer this question, Troy Hunt runs the website There you can check passwords as well as e-mail addresses. However, we advise against chasing actively used passwords through the database.

A German alternative is operated by the Hasso Plattner Institute in Potsdam. The Identity Leak Checker only reveals information as soon as you have verified yourself as the owner of the e-mail address.

It is crucial, however, that this information reaches those affected – whether via HIBP or the IDL.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.