As long as passwords exist, all these services can do is reduce the time between the theft of credentials and the victim’s response.
They do not address the fundamental problem and risks that passwords pose to the digital lives of users and companies.
In social engineering attacks, hackers trick their victims into revealing passwords and other sensitive information.
Credential theft has also become such a serious problem that it has given rise to an entire industry of “post-breach” services and experts for helping recover accounts and mitigate damage after breaches happen.
One example is Troy Hunt’s , a website that consolidates stolen credentials and can tell you if your username and password have turned up in any data breach.
Although it came at a very bad time, Coffee Meets Bagel isn’t the first and nor will it be the last case where hackers gain access to sensitive user records. And with every breach comes a feeling of dread and fear. For instance, if you’re using the same password across several accounts (you’re not supposed to, but many people do this, Credential theft has become the focus of a lucrative business on the dark web.
That last bit can be very scary, especially when a sensitive service such as a dating website becomes hacked (there have been But what’s worse are the unknown damages that data breaches and password leaks can cause.
In key logger attacks, hackers install a malware on the victim’s device which records their key strokes and sends the data to a server that belongs to the hackers.
The attackers then peruse the collected data for sensitive information such as username and password combinations.
In this case, the hashes of 1.5 million e Harmony passwords were uploaded to websites, where hackers were encouraged to join forces to crack them.
What really disappoints me is that e Harmony misses an opportunity to tell its users explicitly that if they use the same password on other websites they must change their passwords there also.
Will they be able to log into my account and see all my history and activities?
The latest batch of stolen user data, which included Coffee Meets Bagel, comprised a total of 617 million records from 16 websites and was being sold at ,000 worth of bitcoin on the dark web.
All the above attacks are possible only because of the existence of passwords and secrets to verify the identity of users.