Internet users can now search to see if their credentials were leaked in a recent malware campaign thanks to the efforts of two security researchers. If you find a match, it’s time to update your passwords.
RedLine malware operators recently waged a massive campaign that resulted in 6 million stolen credentials. Of those, 26% were already matched by haveibeenpwned, a free resource that anyone can use to quickly assess if hackers have their email, phone number or password.
Security researcher Bob Diachenko found that almost half a million were unique credentials – i.e. never before leaked or stolen. The dataset of 441,657 unique email addresses stolen in the latest RedLine campaign has now been added to Troy Hunt’s breach checkup tool.
RedLine is a notorious info-stealer that enables bad actors to harvest saved credentials, autocomplete data, and credit card information from popular web browsers like Chrome, Edge and Opera.
The malware can also make a system inventory to snag usernames, location data, hardware configurations, and information about the security solution deployed on the victim’s machine.
RedLine operators are also known to use the malware to steal cryptocurrency. The malware can download additional components to aid in furthering an attack, and it can take commands in real time from the command and control center.
Last week, a slew of LastPass users reported having their passwords compromised, which seemed to coincide with the recent RedLine info-stealing campaign. However, an investigation into the issue found that at least some of those security alerts were likely triggered in error.
Bitdefender Digital Identity Protection scans the web for leaks of your personal data and monitors if your accounts are exposed. Using DIP, you can take swift action well before disaster strikes.