The other day, over $600 in groceries was purchased on my Instacart account and correspondingly linked credit card. I did not order $20 in Fruit Roll-ups, but someone in Queens did. How did someone get into my account?
Last month, one of the largest collections of email and password combinations, including yours truly, was discovered on a popular hacking forum. The download contained roughly 2.7 billion records including 773 million unique email addresses and password combinations. This collection features many different data breaches from thousands of different sources, conveniently packaged for use by anyone with $45 and access to the download link. It is the largest data breach in history.
Some of the staggering facts:
- 1,160,253,228 unique combinations of email addresses and passwords
- 772,904,991 unique email addresses
- 21,222,975 unique passwords
The news gets worse. That was just Collection #1. The hacker claims to be selling six more batches:
That’s 1 TB of stolen data, which would equal about 31 billion lines of hacked emails and passwords.
“Should I Change My Password?”
At this point, you’re probably wondering if you should change your password. Luckily, it’s easy to check.
The breach was first reported by Troy Hunt, who created the free notification service Have I Been Pwned? This site allows anyone to see if their username and/or password has been compromised in a data breach.
Head to the passwords page to see if your password appears in the data breach. If so, change it to something secure ASAP.
If you are worried about entering your password on a random site, HIBP is essentially just a search feature. According to its privacy page, “the password is hashed client-side with the SHA-1 algorithm then only the first 5 characters of the hash are sent to HIBP per the Cloudflare k-anonymity implementation. HIBP never receives the original password nor enough information to discover what the original password was.”
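The prefix-only lookup described in that quote can be sketched as follows. This is an added example, not code from HIBP or from the original post: the server is a hypothetical offline stand-in, the breach counts and decoy lines are constructed, and the "SUFFIX:COUNT" response line format is an assumption of the example.

```python
import hashlib
import hmac

# Constructed sample data standing in for the service's breach corpus.
CONSTRUCTED_BREACH_COUNTS = {"password": 1000, "123456": 2000, "qwerty": 500}
# Constructed decoy suffixes: a real range holds many unrelated hashes.
CONSTRUCTED_DECOYS = ["0" * 35 + ":3", "F" * 35 + ":7"]


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def simulated_range_server(prefix):
    """Hypothetical offline stand-in for the remote side.

    It sees only the prefix and answers with every "SUFFIX:COUNT" line
    in its corpus whose hash starts with that prefix.
    """
    if len(prefix) != 5:
        raise ValueError("range queries carry exactly 5 hex characters")
    lines = list(CONSTRUCTED_DECOYS)
    for known, count in CONSTRUCTED_BREACH_COUNTS.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)


def check_password(password, query=simulated_range_server):
    """Return (prefix_sent, breach_count); the suffix match happens locally."""
    prefix, suffix = split_hash(password)
    body = query(prefix)  # the only value that leaves the client
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return prefix, int(count)
    return prefix, 0  # suffix not in the returned range: not in the corpus


if __name__ == "__main__":
    for sample in ("password", "a-long-unique-passphrase-4417"):
        sent, count = check_password(sample)
        print(f"sent {sent!r} -> seen {count} times")
```

Because the comparison against the 35-character suffix runs on the client, the server side learns only which 5-character bucket was requested, not which entry in that bucket matched or whether any did.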
Protect Your E-Mail Address At All Costs!
The last thing I’ll touch on is the importance of keeping your main e-mail address credentials secure. This is likely your most important password. Why? Because if a hacker gets into your account, they can then reset any password that is tied to your e-mail account. As you can see in the graphic below, created by Krebs on Security, your e-mail account often links to the majority of your financial, personal, and private life.
Remember the 4 easy tips to a secure password
- Create a strong password: Use a password keeper like LastPass or Keeper to keep track of your passwords. Password keepers allow you access to all of your passwords by knowing just the one master password.
- Protect your password: Remember to change your passwords periodically, making your credentials a moving target for anyone attempting to access your data.
- Diversify your passwords: A recent study claimed 60% of people use the same password everywhere. You know better than this. Especially make sure you use separate passwords for your personal accounts and your corporate business accounts.
- 2 Factor Authentication: Use your password with a second factor, like your mobile phone, fingerprint, or USB. This extra step makes it extremely difficult for you to be a victim of identity theft, privacy, and other cybercrimes.
Stay safe out there!
Jared Smith is HostDime’s SEO & Content Strategist.