You have probably heard of one data breach after another these days, but this is one that you should really pay attention to: more than 772 million unique emails, along with more than 21 million unique passwords, have been exposed.
Troy Hunt, who runs the website “Have I Been Pwned,” first reported this breach, and he says that a huge file (87 GB) was uploaded to MEGA, a cloud service. This data was then sent to a popular hacking site, and now hackers have access to all of these passwords and email addresses.
This data breach, known as “Collection #1,” is very serious. However, it could just be the tip of the iceberg. There are claims that there are several more “collections” out there, and it could be as much as one full terabyte worth of data. This could be the newest “mother of all data breaches” if this is found to be true.
So, what does all of this mean for you? It not only means that your information could be part of this breach, but it also could mean that these password and email combinations could be used in a practice known as “credential stuffing.” What is this? It’s when a hacker uses known email and password combinations to hack into accounts. Basically, this could have an impact on anyone who has used an email/password combination on more than one site.
This, of course, is concerning because this particular breach has about 2.7 billion email/password combinations. On top of that, around 140 million of the emails, and 10 million of the passwords, were brand new to the hacking database, which gives the hackers even more ammunition to wreak havoc. The big lesson to be learned here is that you should always use good security practices when you create accounts online. You should never use passwords from one account to another, and you should definitely use two-factor authentication if it is available. If you don’t have a password manager, you might want to set that up, too.
Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.