A devastating malware attack has allowed hackers to steal millions of account logins for online sites and services.
Sign-in details for pretty much any online account you can think of – Apple, Amazon, Facebook, Netflix, eBay, Instagram – have been captured by those responsible.
It was first uncovered by cyber security researchers at NordLocker who explained that a Trojan-type malware stole the credentials between 2018 and 2020.
They found a 1.2-terabyte database of stolen login details that had been lifted from 3.25 million Windows PC. The database included payment information linked to bank accounts.
This type of custom malware, which was transmitted via email and illegally downloaded software, can be bought online for as little as $100 (£70), the firm says.
A Nordlocker spokesperson said a hacker group accidently revealed the location of the database which allowed them to discover the extent of the damage.
How to find out if your details have been stolen
All of the details trace back to 1,121,484 email addresses that were used to create the various accounts.
Thanks to the work of NordLocker and the free-to-use website HaveIBeenPwned?, anyone can run a search to see if their email has been caught up in the hack.
All you have to do is visit the website here and input any email addresses you use for things like Netflix, Instagram, Facebook, etc.
The site will tell you if you’ve been affected by the hack.
Next steps? Well, we would recommend immediately going to any and all services that you’ve signed up to with that particular email address and change the password immediately.
t may also be worth putting some extra antivirus software on your PC and running some scans to make sure there’s no malware hiding away somewhere.
If you need some help remembering, you can find a full list of all the compromised services here. It’s pretty much every online site you can think of.