2,400 Crore Credentials Leaked: Why Bangladeshi users should take this seriously

As a conscious end user in Bangladesh, you cannot ignore this finding. A good number of us still use the same email address and password across multiple services, including Gmail, Facebook, online banking, mobile financial services, e-commerce platforms and government portals. 

If our credentials are found in the leaked dataset, which is not a surprise that this author himself found his email id in at least three breaches, cybercriminals can launch credential-stuffing attacks, in plain English they can use the same password to gain access to multiple accounts of the same target person.


In reality the risk is amplified by our purchasing power and digital habits. A significant number of Bangladeshi users still have to rely on older computers, unsupported and cracked versions of Windows (like 10, 8, and even still 7 and XP releases are also seen in abundance) and outdated Android smartphones due to our purchasing power and increasing price of quality electronic devices. These devices and installed operating systems often no longer receive security updates, making them easier targets for ‘infostealer malware’ a type of software developed by cybercriminals that steals saved email ids, passwords, along with browser cookies and authentication tokens to mimic the victim.

Another concern is that many users remain logged into the same Google, WhatsApp, Facebook and other accounts across multiple devices, including old smartphones, shared family computers and office PCs. If one of these devices is compromised or lost, attackers may gain access to active sessions without even needing the account password. This could allow criminals to read emails, impersonate users, steal personal data or bypass certain security checks.

The widespread use of shared computers in homes, cybercafés, educational institutions and small businesses also increases the risk. If users save passwords in browsers or fail to log out after using a shared device, sensitive accounts can become easy targets.

Cybersecurity experts from Cybernews believe the newly identified database is largely a compilation of credentials stolen over time through infostealer malware, that often target older devices and operating systems, rather than the result of a single company's data breach. However, that does not reduce the threat. Old credentials remain valuable because many people rarely change their passwords or continue using the same password across different services.


What can we do now? 
Let's not rush for new devices and trash the older ones. Here is a universal cyberguideline for Bangladeshi users. 

First, a user can check if her/his data is found in the leak going to this site that the researchers are offering a search option. 
Or, a user can check from Have I Been Pawned a well known site for checking stolen information.  

1. Change passwords for important accounts immediately

2. Enable multi-factor authentication (MFA) using your smart phone- Google and Microsoft Authenticator apps are the most popular and user friendly ones. 

3. Use a password manager like KeepAss or KeepAssDroid to create and maintain unique passwords safely.  

4. Regularly review the list of devices logged into their Google, Facebook, WhatsApp and other online accounts. Any unfamiliar or inactive device should be signed out immediately. Users should also install the latest security updates and replace unsupported operating systems whenever possible.

5. Instead of using cracked and outdated Windows operating systems, users can adopt Linux-based distributions like Debian or Bodhi. Linux-based distributions are optimised for older devices, and focused on user security. 
‘Linux is Hard,’ the myth has been defunct at least for a decade, to be precise from 2013-14 when it increasingly got popularity among the young generation. Moreover, some desktop environments are more user friendly and intuitive than Windows 10 or 11. 
With a little to moderate effort, a security conscious user can make her/his older hardware super fast and safe by installing a Linux distribution without any cost of buying a licence.  

6. However, using Linux based distros on smartphones are still for advanced users. But many companies in Bangladesh are offering budget smartphones with latest hardware and software for mid to low income people. By doing basic googling and consulting advanced users, one can buy a moderately secure smartphone for their daily use.