WEBVTT - 'Change your passwords' - 16 billion usernames and passwords leaked in world's largest data breach

0:00:00.000 --> 0:00:03.520
<v Speaker 1>Earning news has emerged this afternoon that sixteen billion login

0:00:03.680 --> 0:00:07.360
<v Speaker 1>credentials on computers and apps and other various forms

0:00:07.360 --> 0:00:11.080
<v Speaker 1>of software have been leaked in a new mass cybersecurity threat.

0:00:11.480 --> 0:00:14.360
<v Speaker 1>Sources are indicating this is the biggest breach of its

0:00:14.480 --> 0:00:18.439
<v Speaker 1>kind and it's likely going to affect us just everyday Australians.

0:00:18.440 --> 0:00:20.560
<v Speaker 1>If you're a user of Google, if you're a user of

0:00:20.600 --> 0:00:24.560
<v Speaker 1>Apple, Meta, which owns Facebook and Instagram, this may well

0:00:24.560 --> 0:00:27.320
<v Speaker 1>affect you. Trevor Long is our tech expert from EFTM

0:00:27.360 --> 0:00:30.120
<v Speaker 1>dot com. Great website. He joins us. Trevor, should we

0:00:30.160 --> 0:00:30.960
<v Speaker 1>be worried about this?

0:00:31.680 --> 0:00:35.000
<v Speaker 2>I think we should. Everyone should realize that with sixteen

0:00:35.400 --> 0:00:39.680
<v Speaker 2>billion usernames and passwords and other details available to in

0:00:39.760 --> 0:00:42.440
<v Speaker 2>one source, so this is a discovery of basically a

0:00:42.440 --> 0:00:45.400
<v Speaker 2>big bucket of a lot of information. And this is

0:00:45.440 --> 0:00:47.360
<v Speaker 2>not one hack. I should be very clear, and it's

0:00:47.360 --> 0:00:49.680
<v Speaker 2>not Google got hacked or Facebook or Apple. This is

0:00:50.080 --> 0:00:54.920
<v Speaker 2>through malware and different means of obtaining this information. It's

0:00:54.960 --> 0:00:58.680
<v Speaker 2>all in one place, which means a hacker, a criminal,

0:00:58.840 --> 0:01:02.680
<v Speaker 2>a scammer can access that information and potentially scam you

0:01:03.120 --> 0:01:07.400
<v Speaker 2>or access other sites and other services you use where frankly,

0:01:07.440 --> 0:01:09.280
<v Speaker 2>we all know you're using the same password.

0:01:09.720 --> 0:01:13.000
<v Speaker 1>So would somebody would criminals be then able to sell

0:01:13.200 --> 0:01:14.680
<v Speaker 1>this information, on-sell it?

0:01:15.480 --> 0:01:19.520
<v Speaker 2>This would be it's basically a supermarket for the underworld.

0:01:20.080 --> 0:01:22.160
<v Speaker 2>They would come along and say I would like one

0:01:22.240 --> 0:01:25.120
<v Speaker 2>hundred million addresses please, and they will either go and

0:01:25.160 --> 0:01:28.040
<v Speaker 2>then target those people with scams, or they will target

0:01:28.040 --> 0:01:30.760
<v Speaker 2>those people with what's called credential stuffing. So that means,

0:01:31.040 --> 0:01:34.280
<v Speaker 2>let's say they obtained your details from shop A that

0:01:34.440 --> 0:01:37.200
<v Speaker 2>was hacked ten years ago, and there's your username and password.

0:01:37.480 --> 0:01:39.600
<v Speaker 2>They'll now take that username and password and try and

0:01:39.600 --> 0:01:43.200
<v Speaker 2>log into shop B or bank A and start trying

0:01:43.240 --> 0:01:47.360
<v Speaker 2>to access your online identity in other places and therefore

0:01:47.760 --> 0:01:50.480
<v Speaker 2>taking money from you or your identity. And that's the

0:01:50.480 --> 0:01:53.080
<v Speaker 2>real risk here, is that people are being defrauded of

0:01:53.280 --> 0:01:56.560
<v Speaker 2>their identity and their money through a breach they didn't

0:01:56.560 --> 0:01:57.160
<v Speaker 2>even know about.

0:01:57.240 --> 0:01:58.880
<v Speaker 1>Is there any way? Is there any way you can know if

0:01:58.920 --> 0:01:59.680
<v Speaker 1>you're a victim?

0:02:00.520 --> 0:02:03.720
<v Speaker 2>Not really, no. I mean, in reality, these researchers say

0:02:03.760 --> 0:02:07.160
<v Speaker 2>that the data they saw was only available or exposed

0:02:07.200 --> 0:02:10.760
<v Speaker 2>briefly to them, which means that the people that held

0:02:10.760 --> 0:02:13.280
<v Speaker 2>the data have locked it away again, you know,

0:02:13.280 --> 0:02:17.239
<v Speaker 2>more securely. Weirdly, it's securely locked away from the researchers,

0:02:17.639 --> 0:02:19.320
<v Speaker 2>so we don't know who's on the list. We don't

0:02:19.360 --> 0:02:22.560
<v Speaker 2>know how many people are involved. With sixteen billion logins,

0:02:22.840 --> 0:02:25.639
<v Speaker 2>you have to assume it is millions and millions and

0:02:25.760 --> 0:02:28.560
<v Speaker 2>hundreds of millions of people globally. So we all have

0:02:28.680 --> 0:02:31.400
<v Speaker 2>to take these moments and go, right, I need to

0:02:31.440 --> 0:02:33.440
<v Speaker 2>take a few things seriously. I need to make sure

0:02:33.480 --> 0:02:37.080
<v Speaker 2>my email, my bank, and maybe my social media and

0:02:37.120 --> 0:02:39.920
<v Speaker 2>those shops that you log onto regularly are all locked

0:02:39.919 --> 0:02:42.480
<v Speaker 2>down with a new and secure password.

0:02:42.120 --> 0:02:44.240
<v Speaker 1>And that password, so go through that process now. But

0:02:44.400 --> 0:02:48.000
<v Speaker 1>that password should be different from software to software, from

0:02:48.040 --> 0:02:50.760
<v Speaker 1>Facebook to your Google account to a shop.

0:02:51.600 --> 0:02:55.280
<v Speaker 2>Absolutely. So look, it's not the best security advice that

0:02:55.320 --> 0:02:56.679
<v Speaker 2>I give, where I say I don't mind if you

0:02:56.760 --> 0:03:01.200
<v Speaker 2>use the same password for Facebook and Twitter and social media, fine,

0:03:01.400 --> 0:03:04.080
<v Speaker 2>but do not use the same password you use for

0:03:04.120 --> 0:03:06.680
<v Speaker 2>your bank anywhere else. And do not use the same

0:03:06.760 --> 0:03:09.760
<v Speaker 2>password you use for your email anywhere else because those

0:03:09.800 --> 0:03:12.079
<v Speaker 2>two things: bank, obviously they take your money. If they get

0:03:12.240 --> 0:03:14.960
<v Speaker 2>into your email, they get into everything because they

0:03:14.960 --> 0:03:18.960
<v Speaker 2>can reset every password. And your password should be long

0:03:19.040 --> 0:03:21.800
<v Speaker 2>and strong, and that means just pick three words, three

0:03:21.919 --> 0:03:25.359
<v Speaker 2>words that you can remember, put them together into one password,

0:03:25.680 --> 0:03:28.280
<v Speaker 2>and that will then become memorable to you and something

0:03:28.280 --> 0:03:29.720
<v Speaker 2>that you can use quite efficiently.

0:03:29.880 --> 0:03:31.680
<v Speaker 1>Good advice. We can read about it on your website

0:03:31.680 --> 0:03:34.920
<v Speaker 1>at EFTM dot com. Thank you, Trev. Cheers, mate. Trevor Long,

0:03:35.000 --> 0:03:37.320
<v Speaker 1>quarter past three. Just do it tonight. Just make sure

0:03:37.360 --> 0:03:39.600
<v Speaker 1>you don't use the same password critically for your bank

0:03:39.680 --> 0:03:40.720
<v Speaker 1>and your other services.