Besides, many times cyber attackers use that information to make extortion and taking money from the victims.
There have been known cases of mailings in which the criminal tells the user in question that he has videos of his privacy or that he was recorded while looking at pornographic content or any other comment that works as a hook.
It is likely that the attacker does not have this content, but since he sends an email where he writes his password (to which he had access in some massive leak), this will make him doubt and he could fall into the trap.
In return, cyberattackers often ask for cryptocurrency transfers so that the content is not spread. It is important to point out that this type of extortionary practice should not be accessed because doing so fuels the spread of this type of crime.
What is recommended to do in these cases is to file a complaint with the corresponding entity so that a judicial investigation can be initiated.
What to do if the password was leaked
1. The first point is to change the password in the account associated with the leak and in all the others where that same password is used.
2. Generate a strong password. For which you can follow the steps indicated in this note.
3. It is important to note that the same password should not be used on all accounts. To have different options in each profile, you can use a password manager. Even the Google account has a built-in password manager, which can be accessed from here.
4. Activate the second factor of authentication. By enabling this option, the system will ask the user to enter their account, not only the password but also a second element that can be a token or PIN that is received by SMS or application. You can even choose, in the case of Gmail, to use an alert that reaches the mobile. Another option is to use a physical key as a second authentication factor.
This note explains step by step how to activate this security measure in different accounts.