Largest Breach Collection #1
773 million e-mail addresses leaked. Who should be worried and why?
Troy Hunt, a recognized cyber security expert, announced last week a tremendous breach: a database of sensitive information known as Collection #1 (let’s hope they don’t make a sequel). The list includes unique e-mail addresses and passwords originating from many data breaches from uncountable sources. In total there are nearly 773 million unique e-mail addresses and more than 21 million unique passwords listed in Collection #1, which gives hackers over ONE BILLION combinations worth trying against different online environments. And yes, that includes your private Instagram account.
What could happen next?
Or maybe not. In short, you should change your passwords as soon as possible if you have not done so recently. Unless you do, any of your accounts runs the risk of being compromised.
There’s a chance you could receive more and more e-mails stating threats such as: “yes we know what you are doing on the Internet – ha-ha, you perv – send us (your rent money) in bitcoins and we’ll tell no one”. If a million people respond to this blackmail attempt and transfer whatever funds they’re being asked for, the hacker would enjoy a big sum of income and his/her revenge against humanity would be complete.
So what should everybody do?
If you have not changed your online passwords in a while, you should consider it an urgent move.
You did it? Cool! Step #2 consists of visiting Have I Been Pwned (HIBP).
The name is not that catchy, but this website created by Troy Hunt offers a free service to help people find out whether they have suffered from malicious activities on the Internet. Check all your e-mail accounts (even the Hotmail one) and you will get a message back in red if any of them is involved. HIBP can’t indicate which account(s) was/were hacked, therefore you’ll need to change every password if you discover you’ve been compromised. Yeah, compromised sounds like you’re a secret agent, but hey, perhaps you are. So it’s better to change everything. After this you may check whether any of your passwords was also in the breach. The site HIBP includes a password search feature called Pwned Passwords.
Mr. Hunt, you deserve the first Nobel Peace of Mind Prize.
As one never knows, it’s better if we review the basics against possible future attempts:
- Use different passwords for different online environments
- When possible, use 2-factor authentication
- Think of your sensitive data as your underwear: it’s the best for everyone if you NEVER share it
- Use a password manager in order to generate a unique password for each environment
You could also subscribe to HIBP and you’ll receive a free notification in the event a future pwnage occurs and your account is, once again, compromised.
So I should use a password manager, huh? What on Earth is that?
Bank accounts, work and personal emails, social networks, meme sites, and so on. Nowadays everyone has just too many passwords to remember. Many people use the same one for every single account they manage and that’s… not ideal. A password should be like a penguin: exclusive to only one environment. Passwords should not be easy to guess, so no phone numbers, birthday dates or your name written backwards. To Troy Hunt, the only perfect password is the one you can’t remember. Perhaps your mother’s birthday could work then (you should remember it though).
But let me introduce you to the perfect solution against this headache: get a digital password manager that keeps every one of your passwords safe and sound. You would have to remember only one main password: the one to open your password manager :). It’s awesome!
If you find a digital manager too complicated as a solution, get a simple notebook, write down all your sensitive data and sleep on it. Put it under the pillow and literally sleep on it! Then wake up and put it in a safe. You’ll be more protected than if you re-use your passwords in different environments.
Though there are lots of digital password managers available, I personally suggest you use 1Password.
It’s available on all devices, operating systems and browsers (and that’s still no reason for you to use Internet Explorer). It syncs between your different devices and keeps your logins and sensitive data as safe as Fort Knox.
I will write more about 1Password soon, but in the meantime stay safe and manage your passwords properly! Please spread the word if you think security is important to you.