It’s probably a good time to change your password.
In January 2019, hackers leaked and distributed a list of nearly 773 million unique email addresses and 22 million unique passwords in a folder labeled “Collection #1” on MEGA, a popular cloud hosting service.
These details can be used for credential stuffing, an automated process that tests stolen credentials across multiple different websites, such as social media accounts or marketplaces like eBay or Amazon. Once a hacker gains access to an account, they take as much information as they can, be it personally identifiable information, private documents, images, videos or debit/credit card numbers.
Although this isn’t the biggest online data breach in history (that currently sits with Yahoo at 3 billion user accounts), it is certainly hugely significant, containing over 87GB of personal information. The breach contains details from several data breaches since 2008 amalgamated into one big folder, so they could have come from one of hundreds of websites.
You can check on Have I Been Pwned to see if your email address is included in this breach, or any others over the years the site has been running. “Have I Been Pwned” is a site run by security expert Troy Hunt. It doesn’t store any data you enter, so don’t worry if you have any concerns over the security of this site.
According to Troy, over 82% of the email addresses had been seen in previous breaches. 18% is still around 140 million new addresses, so if you’ve checked before, it’s probably worth checking again!
You can also use it to see if your password has been leaked anywhere, even if it isn’t linked to your account. It even had some of my old passwords on there, although thankfully I had the sense to change my passwords on anything with sensitive information years ago. I also tested this with the password “Hell0!” and received this result:
So, what should you do if your account has been compromised?
The best thing to do is to change the passwords for all your accounts across the net. Also, make sure each new password isn’t one you’ve used anywhere else before, and don’t use the same password across different accounts, even if it’s a strong one. If a reused password gets leaked, then the hackers could access all your accounts.
We recommend using a password manager to keep track of multiple, difficult-to-remember passwords. Dashlane and 1Password are great paid examples with lots of features, but there are also free alternatives such as LogMeOnce (if you can cope with how horrible their whole website is!).
Of course it’s always best to have all your business data backed up in case of data loss. Credential stuffing isn’t the only way people are getting into your accounts and of course hackers aren’t the only threat to your data. Check out Datahive Cloud Backup for more information on how we can help with data disaster recovery.