The recent outing of more than 700 million emails and their corresponding passwords, known as Collection 1, has underscored the importance of data security and its vulnerabilities. Moreover, a second leak containing more than 2.2 billion usernames and passwords has been announced, referred to as Collections 2-5. This corresponds to over 25 billion records, which have already been downloaded by over 1,000 individuals for unknown purposes, although hacking is the likely goal.
Despite the massive size of these two breaches, many security experts believe that this is just the beginning. This information will be used for attacks in many years to come and that there are an additional two data packages that contain more sensitive information that are being offered for sale by the same hacker behind Collections 1-5. These two are called ANITPUBLIC #1 and AP MYR & ZABUGOR #2. These files contain more than 3.5 billion user records including usernames, email addresses, passwords and even cell phone numbers.
While these data packages are gaining much recognition because of their size and scope, it is thought that the data may have been previously available for years prior and that the biggest change is that this is the largest aggregation we have seen, making it easier for hackers to obtain massive amounts of highly sensitive information easily.
How to Protect Yourself
Given the magnitude of the data contained in these collections as well as the availability of other data in smaller packages, it’s safe for most individuals to assume that at least one of the email addresses they use is compromised. However, if you want to verify what information of yours may be contained in these collections, you can try checking with a ‘white hat’ website such as Have I Been Pwned website, which allows you to enter your email in order to see if it is in any known database (pwned is a term from gaming, which refers to beating or owning another player).
In the event that you find your data is compromised, there are several actions you can take to protect your sensitive information and account security.
1. Change your email account’s username and/or password.
Changing the password for your email is the first step in ensuring security. This will make it so that hackers cannot log into your account with the existing compromised information and change your password to one you don’t know, essentially hijacking your account. If you want to reduce the vulnerability of your account in the first place, you may also consider changing your username. This is especially effective if your account includes your first and last name. Changing it to something that is harder to guess and identify will reduce the likelihood that it is targeted in the first place.
2. Change the password for all other accounts that use the same compromised password.
Once a password has been compromised, there is no turning back, and this problem can often extend to other accounts as well. Since individuals typically have only a few passwords they tend to use for most accounts, hackers are able to link any other related accounts and can generally use your email and password combination to gain access to those as well. This makes changing this information a vital step in the process as well.
3. Enable two-factor authentication when possible.
Many accounts now offer two-factor authentication, which requires the user to provide additional authentication, such as a smart card or hardware token the user has or a biological check such as a fingerprint or iris scan. This enhanced security measure can help security greatly.
4. Monitor your financial accounts and set up credit alerts.
Once you have changed all of the compromised passwords, it is still crucial that you continue to monitor all of your financial accounts. You can set up alerts for transactions that exceed a specified limit or when someone attempts to take credit in your name. This will add another layer of protection to your assets.
Int Tec Solutions provides their clients with many enhanced security measures and can assist with training staff and developing best practices.