Automatic Hacking Machine Uses Millions Of Stolen Passwords To Attack

Atlantis AIO is an automatic hacking machine.
getty
Don't say you weren't warned. The threat from infostealer malware has been made pretty clear as billions of passwords are reported compromised, 85 million of the newest being used in ongoing attacks, and even two-factor authentication in isolation might not be enough to save you as hackers use session cookies to bypass 2FA code protections. That threat has just been amplified by a report revealing how an automatic hacking machine called Atlantis AIO is using millions of stolen passwords to gain access to email, VPN, streaming services and even food delivery accounts.
Credential stuffing is not new; let's make that clear right from the start. However, it is a very dangerous attack methodology and is becoming increasingly so. Attackers are always looking to develop new tools that can help them carry out their attacks, as I reported March 15 after leaked Black Basta ransomware group internal chat logs revealed how it was using an automated brute-force attack framework. As both brute-force and credential stuffing terms suggest, these attacks essentially hammer an account with as many usernames and password combinations as possible in the hope that one will be correct and gain entry. OK, so that's the simplified explanation, but by using lists of stolen or compromised credentials readily available from dark web marketplaces and in various criminal forums, it's possible for hackers to access other accounts that share the same passwords.
A March 25 threat intelligence report from Abnormal Security has sounded the alarm about an automatic hacking machine, known as Atlantis AIO, that can take these millions of stolen passwords and use them in just such credential stuffing attacks.
'Atlantis AIO has emerged as a powerful weapon in the cybercriminal arsenal,' Abnormal Security analysts said, 'enabling attackers to test millions of stolen credentials in rapid succession.' Where Atlantis excels, however, is in providing pre-configured modules to automate the targeting of specific services, from email providers such as ing Hotmail, Yahoo, AOL, GMX, and Web.de, to streaming services, VPNs, financial institutions, and even food delivery services. In fact, the report revealed the Atlantis AIO hacking machine can be aimed at more than 140 different platforms.
'By offering pre-configured modules for targeting a range of platforms and cloud-based services,' the threat intel report warned, 'it allows cybercriminals to launch credential stuffing attacks at scale with minimal effort.' The secret to the success of this automatic hacking machine is its modular approach. This can be demonstrated across three areas.
The use of a password manager to ensure unique and strong passwords for every account, along with two-factor authentication for all your accounts, can help mitigate this kind of attack. Don't share your passwords between accounts is the most pertinent advice, follow it.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

CNET

3 days ago

• CNET

Two Ways to Generate Secure Passwords on Your iPhone With a Couple of Taps

We're steadily building towards a world with fewer passwords in it, thanks to passkeys, but we're not quite where we need to be to say goodbye to the string of alphanumeric digits quite yet. Luckily, it's never been easier to create a new password right from your iPhone. In fact, you have not one, but two ways to generate a strong password in a snap. Last year, iOS 18 brought the new Passwords app with it, which makes saving and creating passwords a breeze, not to mention killing the need of a third-party password manager for a ton of iPhone users. The Passwords app is easy to use and fairly robust in features, but what if you're holding onto an older iPhone that isn't compatible with iOS 18? Don't worry, you still have options to work with. Below, we'll show you how to make strong passwords on the fly, no matter what version of iOS you're on. For more, check out the best iOS 18.5 features you should know about. iPhone pro tip: Better protect your accounts with a physical 2FA security key Two-factor authentication adds another layer of security to your accounts, by asking you to verify your identity via text or app. However, the most secure 2FA option is with a physical key, like this one from Yubico, which you insert into your iPhone's charging port. A hacker would need both your password and this key to access your accounts protected by 2FA. Details $50 at Amazon How to generate a password with Apple's Passwords app If you have iOS or iPadOS 18 installed and just want a no-frills, easy way to generate a secure password on the fly, the Passwords app may be all you need. Here's how to do it. Open the Passwords app Tap the + symbol at the bottom right of the screen Ignoring the Website or Label and User Name sections, tap on the Password field, as if you're going to type one in -- not the Password label. A small "Strong Password Suggestion" will appear right above your keyboard. You can tap on the password suggestion to add it to the password section and copy it for use wherever you want. Generate a secure password in 2 taps with Apple's Password app. Nelson Aguilar You can add a website/label and username, as well as any notes, if you want to save these credentials and not just generate a password. If you want another password suggestion, just tap on any other text input field, like User or Notes, and then tap the password field again to get another suggestion. That's it. If that's all you want out of your password generator, it really doesn't get easier than this. However, if you want to be able to access your password from multiple locations, then maybe you should read on for the next option. How to generate secure passwords with a Siri Shortcut Using the link below, download the Generate Password shortcut onto your iPhone. This will automatically redirect you to the Shortcuts app -- tap Add Shortcut to download the shortcut on to your phone. The Generate Password shortcut will then appear in your library of shortcuts. Download: Generate Password (iCloud link) Generate Password will be saved to the Shortcuts section in the Shortcuts app. Screenshot by Nelson Aguilar/CNET Your on-demand iPhone password generator in action Once the shortcut is installed, you can use Generate Password to quickly create Apple-style passwords, which are 20 characters long and include two hyphens, a capitalized letter and a number ("fevNaq-1zumki-gorfoc" is an example). There are several ways to use Generate Password: Siri : Say, "Hey Siri, Generate Password." : Say, "Hey Siri, Generate Password." Share Sheet : Tap the share sheet in Safari or anywhere else, scroll down and tap Generate Password. : Tap the share sheet in Safari or anywhere else, scroll down and tap Generate Password. Shortcuts : Tap the Generate Password shortcut directly in the Shortcuts app. : Tap the Generate Password shortcut directly in the Shortcuts app. Back Tap: Go to Settings > Accessibility > Touch > Back Tap and choose the Generate Password shortcut. You can then tap the back of your iPhone to run the shortcut. The first time you run Generate Password, you'll be asked to give the shortcut access to your clipboard. Hit Allow to do so. From then on, anytime you run Generate Password, a password will be created and automatically copied to your clipboard. You'll also see a notification showing you the password. Hit Done when you're finished. Generating a password via Share Sheet (left) and Siri (right). Screenshot by Nelson Aguilar/CNET The password will expire from your clipboard in 10 minutes, so make sure to use it relatively quickly or else you'll need to generate a new password. You can press down in any text field and hit Paste to enter the password from your clipboard. Need more? Don't miss how iOS 26 basically turns your iPad into a Mac.

Forbes

5 days ago

• Forbes

Why You Should Stop Using SMS 2FA Codes On Your Smartphone

Yes, SMS codes are dangerous. 'The password era is ending,' says Microsoft, confirming its intent to push a billion-plus users to delete them altogether. For years, users have been pushed to add two-factor authentication (2FA) codes to those passwords. But those should be ended as well. They're not secure, and a new warning should see you stop using them now. According to Lighthouse Reports, 'Google, Amazon, Meta and thousands of other companies leave customers vulnerable over one-time codes to save time and money.' The report highlights one third-party SMS 2FA service provider, but it could have focused on other companies doing the same. 'Across the world, phone networks carry billions of passwords and login codes on a daily basis,' the team warns. 'For most people they are a necessary annoyance, until they are breached with damaging consequences.' Unfortunately, companies 'don't send login codes to their customers directly… they rely on a sprawling and opaque network of contractors and subcontractors' to send them instead. This means 'any of these middleman companies can see everything transmitted. The codes that come saying 'Do not share with anyone' might in fact already have been shared with more or less anyone.' That's why America's cyber defense agency warned Americans to stop using SMS 2FA after Chinese hackers compromised U.S. networks. Ironically, as bad as SMS 2FA might be, it's still better than nothing but when it comes to 2FA, most users actually do use nothing. Google has just warned that when asked about 'security practices used for personal online protection,' while 60% of U.S. consumers 'use strong, unique passwords… less than 50% enable 2FA.' Google, Microsoft and others are now leaving users in doubt what they must do — use passkeys instead of passwords or 2FA of any sort. And if passkeys are not available, then use an authenticator app that is linked to your smartphone. Passkeys and authenticator codes can't be intercepted, and passkeys can't even be shared — even if you want to or more likely you're tricked into doing so. Passkey adoption is still modest and that needs to change. This year we have seen a raft of password and 2FA bypass and interception warnings. The time to act is now. It seems incredible, that in 2025 the authentication adoption rates are still so low. 2FA usage grew from 33% to 45% between 2017 and 2023, but remains stuck on less than 50% even today, even as big tech makes it mandatory on many accounts. Stop using SMS 2FA codes and add passkeys to all eligible accounts. Use authenticator apps if not. If you persist with passwords only, prepare to be breached.

Forbes

15-06-2025

• Forbes

How To Use AI To Stand Out And Show You Are A Leader

Photo credit getty AI is entering the workforce at lightning speed, and it's here to stay. Its influence on how we work will only continue to grow in ways we have yet to imagine. Many professionals worry that AI will replace them. In fact, 42% of employees foresee AI replacing some of their existing functions, and 51% of 18-to 24-year-olds think AI will take on some or most of their tasks. The speed at which AI is being integrated into the workplace, along with the concern it's sparking with many professionals, presents you with an opportunity. Instead of fearing, resisting, or ignoring AI, use it to build your personal brand, elevate your value, and demonstrate that you're ready to take on bigger challenges. Here are four ways to use this powerful technological advancement to highlight your leadership potential. Leaders don't wait for change—they lead it. Showcase your ability to embrace change by rethinking what you do and how you do it. Ask yourself: How can AI help me work faster, smarter, or more strategically? Then, actively apply AI to all relevant tasks. Whether you're drafting content, analyzing data, preparing presentations, or exploring new ideas, experiment with how AI can support you. Don't wait for your boss to suggest or demand it. Be the team member who brings ideas and solutions. When you do, you're showing initiative, curiosity, and an innovative mindset. Every team needs someone who sees what's possible. Be the team member who's excited about AI. This will make you visible to those around you. Talk openly about AI's potential to help support the team's mission and help your colleagues succeed. Learn how it's being used in other departments, companies, and industries. When you become a source of knowledge and optimism, others look to you as a trusted resource—and a natural leader. As the team's AI ambassador, you position yourself as a change agent and a source of value that extends beyond your role. Nothing says leader like helping others grow. As you experiment with AI and refine the ways you use it, document your process. Build your own AI best practices. Then, share what you learn with your colleagues. Offer to mentor others who are just getting started. Write a quick how-to guide. Host a live demo. When you help others build their AI curiosity and expertise, you're not just showcasing knowledge, you're demonstrating that you're a leader who cares about the team's growth and success. Perhaps the most important thing you can do to use AI to showcase your leadership doesn't involve AI at all. The most impactful style of leadership today is authentic leadership. Authentic leadership highlights the human side of business. Let AI take on mundane, time-consuming, burnout tasks like generating reports, making sense of data, and even writing emails so you can spend your time demonstrating the leadership activities AI can't do. Take advantage of that freed-up time to hone and showcase these truly human leadership traits. The most admired and effective leaders today build their personal brands around their human capabilities, not their technical expertise. As AI takes on more work tasks, what makes you valuable is your ability to connect, engage, and inspire those around you. When you emphasize these human skills, you position yourself as an emerging leader, standing out from your peers. AI doesn't replace leadership, but it does change what leadership looks like. The future belongs to those who are tech-enabled while leading with humanity. When you embrace AI and commit to leading with authenticity, you won't just survive the AI era—you'll lead it. William Arruda is a keynote speaker, author, and personal branding pioneer. Join him as he discusses clever strategies for using AI to express and expand your brand in Maven's free Lightning Lesson. If you can't attend live, register to receive the replay.