You may have heard about a recent hacked data discovery, the largest in history. Up to 770 email addresses and passwords were posted to a popular hacking forum in December.
However, the security researcher who discovered the breach said in total there are 1,160,253,228 unique combinations of email addresses and passwords and 21,222,975 unique passwords.
While the number is staggering, over 1 billion email addresses and passwords, a lot of the hacked information comes from previous hacks, according to the Have I Been Pwned website. For instance, there are 360 million MySpace accounts hacked in 2008 and 164 million LinkedIn accounts hacked in 2016. That said, there are an estimated 140 million email addresses that have never been seen before.
Should I panic?
Not necessarily. It won’t solve anything. But if you’re one of those people who think it won’t happen to you, then it probably already has.
So you’re saying my email address and password have been hacked?
Given the scale of the hack, the odds are quite high. The best thing to do is go to the Have I Been Pwned website and enter your email address, and any others if you have more than one. The website will do a swift search and let you know if your email address has been compromised. It might even tell you where the hack happened.
And if my email address has been hacked what do I do?
Don’t panic. If you’re still using the email account, change the password and also enable two-factor authentication.
Two-factor authentication makes it extremely difficult for a hacker to access your account. Even if they have your email address and password, they still need the code or PIN number that is sent to your phone.
You’ll also have to ensure that you change your details for any online account you use that has the same password. For instance, if you use your email address and password to access services like Netflix and Amazon you will most definitely need to change the password.
Why should I change my password?
Imagine you’re a hacker and you came across all these hacked addresses and passwords. After you’ve finished rubbing your hands in glee you’ll do something called ‘credential stuffing’.
Basically, hackers and fraudsters take these lists of email addresses and passwords then attempt to see on which other sites they work.
Credential stuffing is popular because hackers understand only too well that people reuse the same password on multiple services.
Targeted websites tend to be popular retail sites that sell a range of goods or services. On many of these sites, email addresses and passwords are the means to establish identities, enabling you to make a purchase or access a service.
If your payment card details are stored with a site and you have been using the same password all over the internet, you could be in trouble. The hackers can simply make purchases in your name, though they would need to change address details for receiving goods.
Right, I am going to panic.
No, just simply change your passwords and make sure they’re not easy to guess. Go for a password at least 10 characters long that consists of a mixture of upper and lower case letters, symbols and numbers.
And be sure to create a separate unique password for each email account and each online account you have. This ensures that if your password is stolen hackers can’t access all your accounts.
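To check your own accounts against the two rules above (a password that meets the length and character mix, and no password shared between accounts), here is a small audit script. It is an added example, not part of the original article; the function names and the sample account list are constructed for illustration, and "symbol" is assumed to mean ASCII punctuation.

```python
import hashlib
import string
from collections import defaultdict

# The article's password rules: at least 10 characters, with upper and
# lower case letters, symbols and numbers. Each entry is (label, check).
RULES = [
    ("shorter than 10 characters", lambda p: len(p) >= 10),
    ("no lower case letter", lambda p: any(c.islower() for c in p)),
    ("no upper case letter", lambda p: any(c.isupper() for c in p)),
    ("no number", lambda p: any(c.isdigit() for c in p)),
    # Assumption: a "symbol" is any ASCII punctuation character.
    ("no symbol", lambda p: any(c in string.punctuation for c in p)),
]

def policy_gaps(password):
    """Return the rules this password fails (an empty list means it passes)."""
    return [label for label, ok in RULES if not ok(password)]

def audit(accounts):
    """Take (site, password) pairs; return (reused site groups, weak sites)."""
    by_password = defaultdict(list)
    weak = {}
    for site, password in accounts:
        # Group on a digest so the grouping table never holds plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[digest].append(site)
        gaps = policy_gaps(password)
        if gaps:
            weak[site] = gaps
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return reused, weak

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = [
    ("email", "sunshine1"),
    ("netflix", "sunshine1"),
    ("amazon", "sunshine1"),
    ("bank", "vT7#qLm2!xRw"),
    ("forum", "Correct-Horse-42"),
]

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_ACCOUNTS)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for site, gaps in weak.items():
        print(f"{site}: {'; '.join(gaps)}")
```

Every site in a "same password" group is exposed if any one of them is breached, so those are the passwords to change first.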
How am I going to remember complex passwords for each online account I have? Some days my head is so full of things I barely remember my own name.
The simple answer is get a password manager; it does everything for you.
- A password manager generates random passwords for all the websites and apps that you use.
- The passwords are complex, hard-to-crack and unique.
- A password manager stores these passwords for you in a digital strong box.
- It automatically applies the correct password to the site or app you are using.
Of course, password managers are not infallible, but what is? They are certainly much safer than using the same password across different sites.
The only thing you need to do is remember the password you create for accessing the password manager.