Change Your Passwords: 560 Million Email Credentials Leaked
By now, you know you should change your passwords regularly – it seems like a new cybersecurity crisis is popping up every day. If you haven’t changed your passwords lately, now is the time officially: a huge database containing login credentials is roaming the Internet.
We don’t know who was behind the hack, but over 560 million emails and passwords were hacked – 243.6 million unique email addresses . The leak, first discovered by the Kromtech Security Research Center , was confirmed by security researcher Troy Hunt, who created the Have I Been Pwned website.
What kind of information does he have?
The good news is that there hasn’t been a new hack: the credential pantry is a collection of previous hacks on LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr, and more. Some of these violations are many years old.
What makes this database problematic from a security standpoint is how accessible it is to sensitive information. It basically compiled private data from various previous hacks to create one convenient database for hackers to access illegally.
Who is in danger?
Basically anyone who has never updated their credentials at the time of the initial violation. If you don’t track every hack and check your status every time, you may be at risk.
How to check if your credentials have been compromised
The easiest way to find out if your credentials are vulnerable is to visit Hunt’s website – Have I Been Pwned . Here you can enter your email address and see if your email address and password are secure.
You may have changed your password during the hack, but let’s be honest: you may not remember. If you scroll under the results, the site will show you what kind of violations you suffered. A subscription is required to view information on confidential violations. If this is your first time on the site and you get an awful “Oh no! message, it is best to take a screenshot of the result and change the password immediately.
Why screenshot? The site tells you how many “compromised sites” it is on (in other words, how many unique incidents required your credentials) and if there are any “inserts” – paste is when information is published to a public website. Saving this information (you can also write it down somewhere safe) can inform you in the future if you are violated again if the information in the results changes.
Don’t understand what’s going on? Everything is fine. Just change your email password to be safe. And be sure to create a strong password.