Data breaches have become so common, they don’t cause much panic among users. A new one seems to arrive before the previous one has been rectified. “Collection #1” is the most recent breach. It’s a big one, more than twice the size of the Marriot attack in December.
Cybersecurity researcher Troy Hunt reported in a blog post Thursday, January 17, 2019 that Collection #1 infiltrated the privacy of millions of users. This massive breach of login information appeared last week on the cloud-sharing service MEGA. Collection #1 has hijacked more than 1.2 billion unique passwords and email addresses. Hunt wrote that 773 million email addresses were published to the cloud service, and there were more than 21 million unique passwords released within the breach, stored in plain text for anyone to see.
It’s unclear whether email addresses have been stored with their associated passwords. Hunt’s website, haveibeenpwned.com, allows users to run their email addresses and passwords through a search filter to learn whether they have been compromised. If both are reported to have been breached, it should be assumed someone has access to your account. Those using the same password for multiple sites are recommended to immediately change and begin using multiple passwords.
Using the same email address and password for multiple sites makes it easier for hackers to steal information. A cyberthief could gain access to your banking, retail or social-media accounts. This cyberattack is labeled “credential stuffing.”
So, what should you do? Change your passwords. A password manager would be the best option. The manager safely protects passwords for each unique site on which they are used. Managers also can generate passwords that are nearly impossible to guess. The user would need to remember a difficult, unique password to access the site. Some managers might charge a small monthly fee. They aren’t guaranteed to protect your passwords, but they will make it nearly impossible for a hacker to access them.
To discuss security strategy, contact Security Analyst Frank Verdecchia at firstname.lastname@example.org.