Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

773 Million Email Addresses Compromised in New Data Breach

by Elizabeth Harper on January 21, 2019

The latest data breach to hit the internet isn't an attack on a big internet company like Facebook or Yahoo, when one billion accounts were breached. Instead, it's a massive collection of email addresses and passwords compiled from a number of data breaches. Dubbed Collection #1, this data dump includes 773 million email addresses and 21 million unencrypted passwords. Not all of those passwords are new — about half have been seen in previous breaches — but that leaves plenty of passwords that are now available to any crook who goes looking.

Security researchers believe these passwords are two or three years old, so the compromised passwords may not be current. Still, you shouldn't use that as an excuse to ignore this breach, because many of us use the same passwords on multiple sites. When one of those sites is compromised, hackers will take your login information and see if it works on other sites — which means having one password compromised can lead to lots of your passwords being compromised.

Worse, this may just be the beginning. The hacker selling Collection #1 has four more "collections" of data, which could include even more passwords. Even if your information wasn't compromised in Collection #1, it may be in one of these other collections. All of this data — nearly a terabyte of usernames, passwords, and other personal information — is being sold online for just $45. At a budget price like that, practically anyone could pick up your password.

What can I do about compromised passwords?

To check if your information is part of Collection #1, go to the website Have I Been Pwned, which tracks compromised accounts. Enter your email address and it will tell you if it's shown up in a known data breach. Whether you've been compromised by this breach or not, there's a good chance your data has been stolen at some point — and Have I Been Pwned will list every breach you've been affected by.

Now it's time to start changing compromised passwords and giving them strong, unique passwords. A good password should:

  • Include a mix of numbers, symbols, and letters
  • Be at least eight characters long
  • Be unique
  • Not be simple words or patterns, like "password" or "12345678."
  • Not include personal information like names or birthdays.

Go down the list of compromised accounts and change your passwords for each — and if there's a service you don't use anymore, delete the account so it can't be compromised in the future. (If you're having trouble figuring out how to delete an account, Account Killer can help you figure it out.) Once you've changed those passwords, it's time to change the passwords of any other accounts that use the same passwords. And for breaches like Collection #1, you should consider changing all of your passwords. It's a lot of work, but account security is worth the work.

To help you remember all of these passwords, we strongly recommend a password manager, which can keep track of all of your accounts. Most password managers will even suggest strong passwords for you, which takes the work out of changing passwords. All you have to remember is the password for your password manager and you'll have great security for all of your accounts. Our current favorite is Dashlane.

Add even more security

To further secure your accounts, you should add two-factor authentication to any accounts that support it. This means you'll have to enter both your password and another piece of information — usually a code that's emailed or texted to you — in order to log on. That means even if a hacker does get your password, they don't have free access to your accounts.

Check Two Factor Auth for a list of services that support two-factor authentication.  

[Image credit: computer hack concept via BigStockPhoto]


Topics

Privacy, News, Computers and Software, Internet & Networking, Computer Safety & Support, Blog


Discussion loading

gravatar

From MariaRose on January 29, 2019 :: 4:50 pm


I am a subscriber of the “have I been Pawned” site and heard about this the other day ahead of this newsletter. I have a feeling that this is connected to the Yahoo hack as part of a continued problem. I am following a diligent program of blocking any cookies from sites plus I have a program in place that advises me about the safety of any site before I attempt to reach the site. All my passwords have been changed multiple times over the years. I also switched from an Android system to a Mac system with a virus program on all my devices.

Reply

gravatar

From Josh Kirschner on January 29, 2019 :: 5:19 pm


Hi Mariarose,

Yes we heard of this through Troy Hunt, as well. It might be connected to Yahoo or not, we don’t really know. But it does appear to be data from old hacks rather than recent ones.

Unfortunately, blocking cookies won’t do anything to prevent these password breaches. And a program that notifies you of unsafe sites is helpful to prevent phishing attempts, but likewise won’t help with data breaches at the company level. Nor is this an Android/Windows vs Mac/iOS issue, since it is the sites you log in to that are compromised, not your devices.

The best thing we can do is to use unique, complex passwords for every site, and a password manager to manage those passwords. So when a site is compromised, it is harder to decrypt your password and unencrypted passwords can’t be reused on other sites. If you follow this plan, you shouldn’t actually need to change your passwords very often, since they will be inherently more secure, though it doesn’t hurt to do so as long as you’re not sacrificing complexity for ease of remembering.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.