News of the latest large credential dump, some 773 million e-mail addresses and passwords, should prompt individuals and organizations alike to change their passwords, particularly for any accounts that hold financial, credit card or other personal information.
The scope of this breach is hard to overstate: the list includes log-in credentials from more than 2,000 websites, according to an article on the website Marketwatch, which cited a report by security researcher Troy Hunt.
Hunt said that the files were collected from a number of earlier breaches and uploaded to a cloud storage service called MEGA, and that the data was promoted on popular hacking forums. MEGA eventually removed the data, but it had already been shared, so it is not clear how many people obtained copies of the files.
Considering the size and scope of the data trove, you should immediately change your passwords on sites such as the following, starting with e-mail, because a compromised mailbox can be used to reset every other password:
- Your online e-mail services (like Gmail, Hotmail, etc.)
- Your banking and other financial services accounts (retirement accounts, credit cards, etc.)
- All of your social media accounts.
- E-commerce sites.
- Subscription sites and other sites that store your credit card information.
Hunt maintains a page on his website where anybody can check whether their e-mail address appears in this or earlier breaches, and a separate Pwned Passwords search that checks a password without sending the full password to the site. You can check here for free: www.haveibeenpwned.com.
Hunt said even his own data appeared in the giant trove of stolen e-mails and passwords, despite his intensive security practices as a privacy professional.
If you have employees, you should notify all of them about the breach and urge them to change their passwords. It should be an organization-wide endeavor.
To best protect your accounts, Hunt recommends using strong, unique passwords, a password manager and two-factor authentication. Two-factor authentication requires users to supply a second proof of identity at log-in, typically a one-time code generated by an authenticator app or sent to their phone or e-mail, so a stolen password alone is not enough to get in. A code delivered to an e-mail account whose password is also in the dump adds little, so an authenticator app or hardware key is the better choice where a site offers one.
Top five password tips
- Adopt long passwords – Length matters far more than complexity. Don’t rely on substitutions like $ for the letter “s” or 3 for “E”; password-cracking tools apply those rules automatically, so “P@$$w0rd” falls about as fast as “password”.
- Avoid forced periodic changes – Instead, change a password when there is reason to believe it has been exposed, for example when it or the account shows up in a breach. When people are made to rotate passwords on a schedule, most recycle old ones or make small, predictable changes to the existing one. Current NIST guidance (SP 800-63B) takes the same position.
- Create a password blacklist – Maintain a list of common and previously breached passwords and reject any new password that appears on it, including obvious variants of those entries.
- Implement two-factor authentication – Two-factor authentication has already become a de facto standard for managing access to corporate servers. In addition to traditional credentials like username and password, users have to confirm their identity with a one-time code from an authenticator app or sent to their mobile device, or with a hardware security key.
- Organize regular staff training – Nearly 41% of company data leaks occur because of negligent or untrained workers who open phishing e-mails. It’s important to train employees to detect and avoid phishing and other social engineering attacks.
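The “long passwords”, “blacklist” and Have I Been Pwned points above fit together in a single sign-up check, shown here as an added example that is not code from the article or from haveibeenpwned.com. It normalizes common leet substitutions before comparing against a deny list, and it checks the password against the Pwned Passwords range API in the k-anonymity form the service uses: only the first five hex characters of the SHA-1 leave your system, and the match is found locally. The deny list, the 12-character minimum and the sample range response are constructed for illustration; the `hibp_range` helper does a live lookup and is not used by the offline demo.

```python
import hashlib
import re
import urllib.request

MIN_LENGTH = 12  # assumed policy; NIST allows 8, longer is better

# Constructed deny list for the demo. In production load a real corpus such as
# the full Pwned Passwords download or a published top-N list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "football"}

# Substitutions that cracking rule sets undo automatically, so we undo them too.
LEET = str.maketrans({"$": "s", "5": "s", "3": "e", "0": "o", "1": "i",
                      "!": "i", "@": "a", "4": "a", "7": "t"})


def normalize(password: str) -> str:
    """Lowercase, drop trailing digits/symbols (the classic 'password123!' suffix),
    then undo leet substitutions, so 'P@$$w0rd123!' is compared as 'password'."""
    p = re.sub(r"[\d\W_]+$", "", password.lower())
    return p.translate(LEET)


def is_blacklisted(password: str, denylist=COMMON_PASSWORDS) -> bool:
    return password.lower() in denylist or normalize(password) in denylist


def sha1_hex_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def hibp_range(prefix: str) -> str:
    """Live lookup of the Pwned Passwords range API (network; unused in the demo)."""
    req = urllib.request.Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                                 headers={"User-Agent": "signup-policy-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, range_lookup) -> int:
    """k-anonymity check: send only the 5-char SHA-1 prefix, match the suffix locally.
    range_lookup(prefix) returns 'SUFFIX:COUNT' lines for every hash with that prefix."""
    digest = sha1_hex_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, range_lookup) -> list[str]:
    """Return the list of reasons a password is rejected; empty list means acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if is_blacklisted(password):
        reasons.append("matches a common password (after undoing substitutions)")
    n = breach_count(password, range_lookup)
    if n:
        reasons.append(f"seen {n} times in known breaches")
    return reasons


# Constructed stand-in for the API: the SHA-1 of "password" is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so prefix 5BAA6 carries its suffix.
# The other suffix and both counts are made up; the real response has hundreds of lines.
SAMPLE_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
             "00000000000000000000000000000000001:2\n",
}


def sample_lookup(prefix: str) -> str:
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ["password", "P@$$w0rd123!", "correct horse battery staple"]:
        print(repr(pw), "->", check_password(pw, sample_lookup) or "ok")
```

Usage note: run the breach check on every password change, not only at sign-up, and treat a non-zero count as a hard reject. In the constructed data above a passphrase scores zero; against the live API many well-known passphrases are also present, which is exactly why a password manager generating random strings is the better habit.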