Don't allow your credentials to be stuffed!
Submitted by Prosperity Advisory Group on February 26th, 2019
by Scott Sirois
In case you missed it, last month the “largest collection ever of breached data found” was discovered. It contained more than 770M email addresses and passwords.
The collection was discovered by Troy Hunt, a security researcher. In his view, the collection was probably “made up of many different individual data breaches from literally thousands of different sources, rather than representing a single hack of a very large service.”
After some careful review and analysis of this collection, the following was determined:
- there were 1,160,253,228 unique combinations of email addresses and passwords.
- there were 21,222,975 unique passwords.
- while most of the email addresses have appeared in previous breaches, “there’s somewhere in the order of 140M email addresses in this breach that has never been seen before.”
So, what does this mean to us?
Here are a couple of takeaways that you should not miss …
- Change your passwords often! You should make a habit of regularly updating ALL your passwords for the primary purpose of not being caught up and possibly compromised in discoveries like this one.
- Don’t reuse your passwords! The primary use of a collection like this one is a practice called “credential stuffing.” This is where the attacker takes email and password combinations and attempts to “stuff” those credentials into the login pages of other online services and accounts. Because people typically reuse passwords so that their login credentials are easy to remember, attackers can use one set of credentials to unlock multiple accounts. You should have a unique password for EVERY login you have.
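On the receiving end, a service's login log shows credential stuffing as one source trying many different accounts once or twice each, which is different from a user mistyping a password several times on a single account. The following Python sketch is an added example, not part of the original post; the log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, result (hypothetical format)
SAMPLE_LOG = """\
2019-02-26T09:00:01 203.0.113.7 alice@example.com FAIL
2019-02-26T09:00:03 203.0.113.7 bob@example.com FAIL
2019-02-26T09:00:04 203.0.113.7 carol@example.com OK
2019-02-26T09:00:06 203.0.113.7 dave@example.com FAIL
2019-02-26T09:00:08 203.0.113.7 erin@example.com FAIL
2019-02-26T09:00:09 203.0.113.7 frank@example.com FAIL
2019-02-26T09:01:00 198.51.100.20 grace@example.com FAIL
2019-02-26T09:01:10 198.51.100.20 grace@example.com FAIL
2019-02-26T09:01:25 198.51.100.20 grace@example.com OK
2019-02-26T09:02:00 192.0.2.44 heidi@example.com OK
""".splitlines()

def find_stuffing(lines, window=timedelta(minutes=5), min_accounts=5, max_per_account=2):
    """Return {source_ip: [accounts that logged in OK during a stuffing run]}."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, account, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), account, result == "OK"))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the start forward until the span covers at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            attempts = defaultdict(int)
            for _, account, _ in span:
                attempts[account] += 1
            failed = {acct for _, acct, ok in span if not ok}
            # Stuffing: many accounts fail, each tried only once or twice.
            # A user mistyping a password fails repeatedly on ONE account.
            if len(failed) >= min_accounts and max(attempts.values()) <= max_per_account:
                hits = {acct for _, acct, ok in span if ok}
                findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(accts) for ip, accts in findings.items()}

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: likely credential stuffing; reset passwords for {accounts}")
```

The account that logged in successfully during the flagged run is the one whose reused password worked, so it is the one that needs a forced reset.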
We have to learn and practice better and smarter habits while online to ensure we don’t allow our personal information to be compromised.
Stay tuned for more as we help you be “Fit to Click.”