The password apocalypse looms

Consumer-facing web services providers like email, social media or cloud storage companies are wrestling with the impact of huge troves of hacked passwords available on the dark web.

The Wall Street Journal reported Monday on the implications of crime-facilitating databases like LeakedSource — where, for a $2 subscription, would-be cybercrooks can access more than 2 billion previously compromised passwords and the login names or email addresses with which they are associated.

Because most consumers — against expert advice — reuse passwords across accounts, a major hack like the 2012 compromise of LinkedIn can have reverberations across the whole Internet, the WSJ explained.

Although LinkedIn forced its users to reset their passwords, “[i]nvestigators estimate that maybe up to 8 percent of the LinkedIn usernames and passwords will work on other services, giving hackers a way to take over accounts elsewhere,” the paper reports.

When a major breach occurs, services can choose to force a reset on their customers, too. The WSJ reports that online backup provider Carbonite did so when the LinkedIn password trove was found on the dark web.

Other companies chose to analyze the trove, searching for any passwords reused by their own customers, and then advising or requiring only those affected to reset.