If you were casually browsing through tech news earlier last week, you may have come across the news that millions of emails and passwords (perhaps even yours) have been dumped online (data breach). A monster data leaked called Collection #1 was discovered by security researcher Troy Hunt of Have I Been Pwned. Collection #1 first appeared on the popular cloud service called MEGA before being shared on a hacking forum. This means your login credentials may have been exposed to hackers. The folder consists of hundreds of millions of email addresses and tens of millions of passwords which held over 12,000+ files that weigh in at over 87 gigabytes. What’s truly surprising about this data is that it was not on sale; it was available for anyone on the internet to take it.
You may be puzzled over the question how was all this data collected? According to sources at McAfee, this data comprised of a breach of breaches, aggregating over 2,000 leaked databases containing cracked passwords, in order to achieve maximum exposure. The large volume of this breach makes Collection #1 the second largest in size to Yahoo and makes it the only public breach has given that the data was openly exposed on the internet. Given the sheer amount of data which has been exposed online, chances are you may have been affected by this. This is a serious concern though reports do not say anything about details like credit card details or bank details being stolen.
Stop doing whatever you are doing now and head over to Have I Been Pwned – a website founded by Troy Hunt which allows anybody to search whether their own email or password has been compromised by a breach. All you have to do is enter your email address and the results will give you the answer. If your email address was a part of the Collection #1 there will be an entry about that in have been pwned. If it’s not there, consider yourself lucky. But if it is there, that’s where the panic attack begins. The first step would be to change the passwords of all your accounts. A wise tip – never use the same password for all accounts, use a combination of small and big letters and symbols to create strong passwords for your accounts. Though Collection #1 does not seem to include logins and passwords from well-known leaks such as LinkedIn leak that happened back in 2012, if you think that your business data or personal data is leaked online or you feel the need to wipe your data from your storage or memory devices, then you can get in touch with us at Surplus Service. We provide businesses and organizations with a full range of services needed to make electronic disposal easy including wiping confidential data in a manner that makes it inaccessible to be retrieved by anyone.
Users can also download a password manager software package that is available online such as 1Password or LastPass. A password manager provides a user with a secure vault to store all your passwords. Many products also allow the option to store the details of your credit card and banking information securely along with your passwords. The sole purpose of the password manager software is to keep passwords safe. Ensure to enable two-factor authentication wherever possible, but especially for emails. And please do not use the same password for every website you subscribe to, every email account, pay for, or simply use free features of. If you use a unique password and two-factor, these attacks will just not work.
Don’t panic, have a cup of tea. It’s time to raise our awareness toward the self and to those around us. If you know about individuals, businesses or organizations who are looking for someone to assist them with wiping their data from their storage devices, please get in touch with our experts at Surplus Service, the data security service provider in San Jose today.