Under the Hood of Leaks: An investigation into the Fate of Your Passwords

How one of the largest email services works with unreliable passwords.

The average monthly audience of Mail.ru Mail in the second quarter of 2023 was 48.9 million, and the average daily audience was 16.4 million. Hundreds of scenarios are implemented to ensure the security of each user. A year ago, the information security specialists launched a new service for working with stolen passwords, Taneleer. Here is what useful and interesting things came out of it.

What is Taneleer

User logins and passwords are increasingly ending up in the public domain because of numerous leaks on the Internet, so the problem is being addressed at a high level. More than a year ago, the information security team developed and launched a tool for working with leaks, Taneleer: a large repository of publicly available login-password pairs. It is updated regularly as data about leaks from third-party services becomes available.


Web interface for interaction of an analyst with Taneleer cold storage

Pair: username and password

During the year of Taneleer's operation, about 2 billion unique pairs of stolen usernames and passwords were discovered. Among them were about 843,170,811 distinct passwords paired with 1,035,397,604 distinct logins.

The most popular compromised passwords are sequences of digits, keyboard-layout patterns, and combinations of words and symbols (the number in parentheses in the figure indicates how many times the password was found in data leaks).



At the moment a user signs in, Taneleer checks whether the password is present in the leaked-data storage. If the password is found in the vault, the system warns the mailbox owner that a fraudster may use that password to break into the account, and recommends changing it to a more reliable one.


Notifying the user about password compromise

However, not all users are ready to change their password immediately after being warned about a hacking threat. But, as practice shows, repeated messages work. Over the past year, more than 1.4 million Mail.ru Mail users changed their password and secured their data.

In addition, passwords found in the Taneleer database cannot be used when registering or changing a password in Mail.ru.
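The two checks described above (a warning at sign-in when the password is known to be leaked, and a hard refusal at registration or password change) can be sketched as follows. This is an added example, not Mail.ru's Taneleer code: the store layout (SHA-1 digests bucketed by a five-character hex prefix, plus a separate digest of the login:password pair), the function names and the sample leak records are all assumptions made here for illustration, and the "leaked" pairs are constructed, not real.

```python
import hashlib
from collections import defaultdict

# Constructed sample leak records (not real leaked credentials), shaped like the
# login:password pairs that appear in third-party dumps.
SAMPLE_LEAK = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "qwerty"),
    ("carol@example.com", "password1"),
    ("alice@example.com", "qwerty"),
]


class LeakStore:
    """Toy stand-in for a leaked-credential repository (assumed design, not Taneleer's).

    Only digests are kept, never plaintext passwords: password digests are bucketed by
    a 5-hex-char SHA-1 prefix (the k-anonymity layout used by public pwned-password
    APIs), and login+password pairs are stored as a single SHA-256 digest so that an
    exact pair hit can be distinguished from a merely popular password.
    """

    def __init__(self):
        self._pw_buckets = defaultdict(set)   # prefix -> set of 35-char suffixes
        self._counts = defaultdict(int)       # full SHA-1 -> times seen in leaks
        self._pair_digests = set()            # sha256("login:password")

    @staticmethod
    def _sha1(password):
        return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

    @staticmethod
    def _pair_digest(login, password):
        # Logins are case-insensitive mail addresses, so normalise before hashing.
        return hashlib.sha256(f"{login.lower()}:{password}".encode("utf-8")).hexdigest()

    def ingest(self, pairs):
        """Load (login, password) pairs from a dump into the store."""
        for login, password in pairs:
            h = self._sha1(password)
            self._pw_buckets[h[:5]].add(h[5:])
            self._counts[h] += 1
            self._pair_digests.add(self._pair_digest(login, password))

    def password_seen(self, password):
        """Return how many times the password appeared in ingested leaks (0 if never)."""
        h = self._sha1(password)
        if h[5:] not in self._pw_buckets.get(h[:5], ()):
            return 0
        return self._counts[h]

    def pair_seen(self, login, password):
        """True if this exact login+password pair appeared in a leak."""
        return self._pair_digest(login, password) in self._pair_digests


def check_at_login(store, login, password):
    """Sign-in flow: authentication proceeds as usual, the leak check only decides
    which warning (if any) to show the mailbox owner."""
    if store.pair_seen(login, password):
        return "compromised_pair"        # strongest signal: this account's own leaked pair
    if store.password_seen(password):
        return "compromised_password"    # password is public, even if not with this login
    return "ok"


def accept_new_password(store, password, min_len=8):
    """Registration / password-change policy: anything seen in leaks is refused outright."""
    if len(password) < min_len:
        return False, "too short"
    if store.password_seen(password):
        return False, "found in leaked data"
    return True, "accepted"


def build_sample_store():
    """Convenience constructor used by the demo below."""
    store = LeakStore()
    store.ingest(SAMPLE_LEAK)
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print(check_at_login(s, "Alice@example.com", "123456"))    # compromised_pair
    print(check_at_login(s, "dave@example.com", "qwerty"))     # compromised_password
    print(accept_new_password(s, "password1"))                 # (False, 'found in leaked data')
```

The distinction between a pair hit and a password hit matters for the warning text: a pair hit means this particular mailbox's credential is public and should be treated as an active takeover risk, while a password-only hit means the password is guessable from public lists and should simply be replaced.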

Two-way work

Account security is the work of two parties, the service and the user. To further protect an account from fraudsters, the information security team recommends not only setting a unique and complex password, but also enabling two-factor authentication and adding a backup email address and phone number. This lets specialists notify the user through several channels about suspicious activity in the account, and also helps to restore access quickly if it is ever needed.

More than 1.4 million users have been protected from a possible account takeover thanks to Taneleer. Of course, it is not the only means of protecting user data, so it is always important to follow the specialists' recommendations.

(c) https://www.securitylab.ru/news/541566.php