4 Things To Do After The Biggest Data Breach Ever
This month, security researcher Troy Hunt discovered a trove of stolen email addresses and passwords being sold on a hacker forum and the cloud-based service MEGA. Hunt named it “Collection #1” and believes that it’s a mass dump of stolen data, potentially reaching back to 2008 and containing 1,160,253,228 combinations of emails and passwords, affecting 773 million unique email addresses.
The good news is that the breach only contained passwords and email addresses. No social security numbers, addresses, or other important identifying information was included. The bad news is that it contained a lot of email addresses and passwords — the most ever, according to Hunt — and chances are high that one of your logins was compromised.
You can check whether your email address was compromised at Hunt’s site, Have I Been Pwned? The site, however, doesn’t specify which passwords were compromised, as loading them there would further compromise them. In response to users wanting to know which passwords were no longer viable, Hunt set up a site called Pwned Passwords where people can enter passwords. He recommends, however, that you only check passwords that are no longer in use or that you are prepared to change, for security reasons.
Pwned Passwords has also been integrated into the password manager 1Password, which now includes the capability of checking to see if passwords are exposed. In 1Password’s case, however, the passwords are hashed before they’re sent out, meaning they’re safe from theft on the Pwned Passwords site.
If you’re concerned that your private data may have been exposed in this massive breach, here are four steps you can take to protect yourself.
1. Check and see if you’re exposed.
First things first: See if you were exposed. (And, realistically, you probably were.) You can check at Have I Been Pwned?
2. Download a password manager, if you haven’t already.
Second, if you haven’t yet downloaded a password manager, now’s the time to do it! Password managers make it easy to create unique, hard-to-guess passwords for every single account and to keep them easily accessible. All you have to do is remember one master password, enter it to open your “vault,” and there’s all your info! There are a few different options out there, so shop around.
3. Change the passwords of any affected accounts.
If you discover that an account or a password has been compromised, go in and change that password. Use your new password manager to generate a hard-to-guess password and save it right away.
4. Set up two-factor authentication.
The final step you can take to protect yourself after a data breach like this is making sure you have two-factor authentication set up for every account that allows it. Two-factor authentication operates under the principle of “something you know and something you have.” The “something you know” is your password, and the “something you have” is a code delivered to you via SMS text, an authenticator app, or a device provided by the service, which is often the case with banks. The idea is to protect your accounts even if the login info has been stolen by requiring more information before allowing anyone access to your account.
Data breaches are more common than most people would like to believe, so your best move is to stay on top of the news and be proactive. You can’t prevent your information being stolen, but you can keep using that password manager. Make sure two-factor authentication is set up. And stay informed.