Danger lurks everywhere on the Internet. Almost every week brings news of another data breach. Recently, in what is considered one of the biggest data breaches ever, it was reported that more than 772 million email addresses and about 22 million unique passwords have been leaked.
According to Troy Hunt, Microsoft Regional Director and MVP for Developer Security, what he calls Collection #1 was just the first of many more data breaches on the way.
The data in Collection #1 is combined from more than two thousand sources and amounts to about 87GB. Reportedly, the package was available for sale in underground hacker communities. What’s worse, the data can be read in plain text.
Where Do the Data Come From?
The exact sources of the data cannot be identified yet. While big companies like Google or Microsoft have excellent security teams to watch out for hackers, you cannot be sure of the security of smaller sites, fun apps, free trials and other services available on the Internet.
So, if you use the same email and password for your major accounts like Gmail and Facebook as for your accounts on these smaller sites, chances are you are very much exposed.
“People take lists like these that contain our email addresses and passwords then they attempt to see where else they work,” Hunt explained. “The success of this approach is predicated on the fact that people reuse the same credentials on multiple services.”
What to Do During a Data Breach?
Find out if your account was breached - The first thing to do is to find out if your data has been leaked. Hunt collated all the addresses from this leak, as well as from some previous leaks, on the site Have I Been Pwned. However, it is probably a good idea to change your password to a stronger one even if you’re not on the list.
Change your password or credentials - You should immediately change the passwords for all affected accounts. Make sure the passwords are strong and unique. Better yet, create a secondary email address for all the little fun sites and apps you try, one that is not in any way connected to your major accounts. That way, at least, the hackers won’t find a link.
Try signing up for a password management service - There are various free and paid password manager services available online. These apps store your log-in credentials and make your passwords different and hard to crack on every platform you use. Paid apps are usually more reliable, with fees of between $10 and $60 per month.
If you don’t want to sign up for a password management service, you can create different strong passwords yourself and store them in your web browser. Just make sure you turn on two-factor authentication so you will get an email or SMS when your account is accessed from a different device.
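The steps above can be checked for a list of your own accounts. The script below is an added example, not code from the original article or from Have I Been Pwned: it flags passwords shared between accounts and looks each one up through the Pwned Passwords range endpoint of Have I Been Pwned, which receives only the first five characters of the password's SHA-1 hash. The account names, passwords and breach counts are constructed sample data, and constructed_fetch is a hypothetical stand-in for the live service so the script runs offline.

```python
import hashlib
import urllib.request
from collections import defaultdict

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range(prefix):
    # Live lookup: only the first 5 hex characters of the hash are sent.
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "reuse-audit-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, fetch=fetch_range):
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Response lines look like "<35-char hash suffix>:<times seen>".
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def audit(accounts, fetch=fetch_range):
    """accounts: {site: password} -> {site: (times_seen, other_sites_sharing_it)}."""
    by_hash = defaultdict(list)
    for site, pw in accounts.items():
        by_hash[sha1_hex(pw)].append(site)
    report = {}
    for site, pw in accounts.items():
        shared = sorted(s for s in by_hash[sha1_hex(pw)] if s != site)
        report[site] = (breach_count(pw, fetch), shared)
    return report

# Constructed data for an offline run: not real accounts or real breach counts.
SAMPLE_ACCOUNTS = {"mail": "Summer2019!", "quiz-app": "Summer2019!",
                   "bank": "vT9#qLm2x@Rw8zKd"}

def constructed_fetch(prefix):
    # Stands in for the service: pretends "Summer2019!" was seen 4821 times.
    leaked = sha1_hex("Summer2019!")
    lines = ["0" * 35 + ":3"]
    if leaked.startswith(prefix):
        lines.append(leaked[5:] + ":4821")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for site, (seen, shared) in audit(SAMPLE_ACCOUNTS, constructed_fetch).items():
        print(f"{site}: seen {seen} times, same password as {shared or 'none'}")
```

Calling audit(accounts) without the second argument uses the live endpoint instead of the constructed response.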
These data breaches probably won’t go away for a long time. However, you can start taking precautions to protect yourself against them.