The well-known security expert Troy Hunt has just posted about a list of email addresses that contains emails and passwords collected from data breaches covering several thousand sources. Some even dating back to 2008.
The collection contains more than 773 million unique email addresses, but it contains 2,692,818,238 rows of emails and passwords, so some emails occur more than once. There are more than 2,000+ sources of data, so it is not from a single breach but from many breaches over the last 10 years.
The large number of emails raises the probability that your email address is on the list. If you want to check if you are on the list, you can go to https://haveibeenpwned.com/ and enter your email address. If you find yourself on the list, we suggest you do the following.
- Change the password for your email.
- Change the passwords on all websites where you use the email as a username or login
- Change the passwords in all the apps where you use the email as username or log in on your phone or tablet.
- If you don’t have a unique password for your bank then change it to a unique password. Add numbers, symbols, etc.
- Make sure you are using different passwords everywhere. It means that if one website or app is hacked, the hackers cannot log in everywhere where you have an account.
It is important that you change your password everywhere if you are not always using unique passwords, as the list has been distributed among hackers that for certain will try their luck with the information on the list. E.g. they will try to use your email and password on Facebook in the hope that you have used the same email and password on Facebook. Then they will go on to other social media, Amazon, Gmail, and other resources. It can be Netflix where working accounts can be sold for a nice profit.
Now it might be overwhelming to use and remember unique passwords to all the places you shop online, and all the other websites and apps. In that case, you can use a service like LastPass, that works like a kind of password vault. LastPass will save and protect all your passwords and will even help you to create some very strong passwords. You can learn more about LastPass here
Finally, you should consider a VPN connection to keep all your traffic over the internet safe. Read about how a VPN connection keeps you safe here.
For those who want to learn more, you can read Troy Hunts blog post here.