I have written about general user security several times over the last years, and the recipe is always the same: 

• Install a good anti-malware product

• Make sure your applications and operating systems are patched

• Don't click or open unexpected or unknown links/attachments.

Even with the best practices, there is malware that is stealthy enough to avoid detection.

Recently security researchers from Nerdlocker followed a trail left by sloppy hackers. To everyone's surprise, they found 1.2TB of files, cookies, 900K images, 600K word files and credentials stolen from over 3M computers. The data was obtained through malware that stole data from user desktops and downloads folders.

• The data is relatively fresh, and ~30% of the cookies were still valid.

• 1M website logins (including the 4 horsemen of the internet) Amazon, Facebook, Twitter and Gmail. 

So what next

The malware is stealthy and cannot be easily detected by antivirus products. 

However, the information has been added to the HaveIBeenPwnd service. 

As previously described, you visit the site, enter your email address, and it will tell you if you are part of this breach (or any other).

How do you protect yourself in the future?

• Use long unique passwords for each site with the credentials stored in a good password manager (like 1Password and BitWarden)

• Use a good reputable antivirus, update your software and operating system.

• Make sure you regularly delete your cookies. I have written about extensions that automate this in the past.

• Install a good anti-malware product

• Make sure your applications and operating systems are patched

• Don't click or open unexpected or unknown links/attachments.

  
  Links: 

• Nerdlocker blog post

• Ed's favourite things - Best Password Manager

• Downloaded over a billion email addresses and passwords this weekend