It may be time to change your email password again, folks. It’s a strong beginning of the year for the dark web.
Looking back on the past few years, three things about data breaches are certain:
#1: they are becoming way more common than they used to be
#2: they don’t discriminate between businesses
#3: each one is more massive than the last
Let’s be honest, while no data breach is a good thing, some are more shocking than others. It would be one thing if our next door neighbour’s old email password was leaked and a totally different story if our bank or accountant were hacked. Since last week, the dark web has a new data breach champion and it’s called Collection #1. Precisely, that’s:
- 772,904,991 unique email addresses
- over 21 million unique passwords leaked in a public forum last week
Not so fun fact: The largest breach ever before Collection #1 was Yahoo!’s 2013 hack.
The hack was first discovered by security researcher Troy Hunt, who is also the founder of HaveIBeenPwned? – a website designed to check email addresses against data breaches and inform subscribed users if and when their login details have been exposed.
While how exactly the data breach originated is still a mystery, Hunt mentions it is a combination of other data breaches. In other words: an individual or a group has been combining details from previous data breaches into one file, with personal information from more than 2,000 data breaches included. To get a better picture of how concerning this data dump is, Collection #1 has brought 140 million unique email addresses and 21m unique passwords to Have I Been Pwned?’s overall database.
What’s more concerning is the fact that Hold Security researchers had previously gathered 99% of the data from this leak from other sources. Collection #1 had actually surfaced on underground hacking forums in October of 2018.
The login credentials in Collection #1 have also been dehashed. In other words, the people who stole the data were able to convert it into plain text. Someone with access to the Collection #1 folders will only need to scroll and click in order to break into your email account.
Such records can be used for credential stuffing – a process which uses email and password combinations exposed in previous data breaches to attempt to log into websites. The approach is not that far-fetched, as people tend to reuse the same password/email combinations for more than one service.
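How a site operator might spot the credential stuffing described above in login logs, as an added example that is not part of the original article. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-01-21T10:00:01 203.0.113.7 alice@example.com FAIL
2019-01-21T10:00:02 203.0.113.7 bob@example.com FAIL
2019-01-21T10:00:03 203.0.113.7 carol@example.com OK
2019-01-21T10:00:04 203.0.113.7 dave@example.com FAIL
2019-01-21T10:00:05 203.0.113.7 erin@example.com FAIL
2019-01-21T10:01:00 198.51.100.4 frank@example.com FAIL
2019-01-21T10:01:09 198.51.100.4 frank@example.com FAIL
2019-01-21T10:01:20 198.51.100.4 frank@example.com OK
2019-01-21T10:02:00 192.0.2.10 gina@example.com OK
2019-01-21T10:02:30 192.0.2.10 hal@example.com OK
2019-01-21T10:03:10 192.0.2.10 ivy@example.com OK
2019-01-21T10:04:00 192.0.2.10 jo@example.com OK
"""

def parse(log):
    """Yield (timestamp, ip, account, succeeded) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # silently skip malformed lines
            ts, ip, account, result = parts
            yield datetime.fromisoformat(ts), ip, account.lower(), result == "OK"

def stuffing_suspects(log, window=timedelta(minutes=5), min_accounts=4,
                      max_success_ratio=0.25):
    """Return {ip: distinct accounts tried} for sources that look like stuffing.
    Signal: many different accounts from one source within `window`, nearly all
    failing. A mistyping user repeats one account; a shared office IP succeeds.
    """
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    suspects = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            chunk = events[start:end + 1]
            accounts = {e[2] for e in chunk}
            ratio = sum(e[3] for e in chunk) / len(chunk)
            if len(accounts) >= min_accounts and ratio <= max_success_ratio:
                suspects[ip] = max(suspects.get(ip, 0), len(accounts))
    return suspects
```

On the sample, only 203.0.113.7 is flagged; the user retyping one password and the shared address with mostly successful logins are not. Replayed breach lists are often spread across many source addresses, so a per-IP check like this is one signal among several.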
Turn on Two-factor authentication
Another breach, another reminder that good security practice is actually important. If you’re worried that your email account might have ended up in Collection #1, you can check at HaveIBeenPwned.
Here are a couple of other things on your checklist you need to mark:
- Update your passwords
It can be your favorite song lyric, book quote, movie quote or magazine cover. Do your best to keep passwords that are at least 9 characters long and include symbols and upper- and lowercase letters.
- Keep your new passwords in an encrypted environment
Keeping your passwords and sensitive files in an encrypted environment makes it harder, and sometimes nearly impossible, for hackers to take them. The easiest thing you can do is to create a simple spreadsheet in your Crypto Folder and add your passwords there. You’ll be able to access them from your phone and laptop, but they will be encrypted.
The Crypto folder is a special folder in your pCloud account, which provides an additional layer of encryption. All your files in the Crypto folder are secured with client-side encryption. “Client-side” refers to the moment when your files are actually encrypted. In our case, your data is encrypted on your PC, before it goes to any other destination. This means that, upon transfer, your data is already protected, preventing the chance of a data breach.
In fact, you can currently grab 2 TB storage for your files and Crypto for two years and we’ll give you 50% OFF.
- Turn on Two-factor authentication
Passwords are not the only way you can protect your files. Turning on two-factor authentication with an authenticator app will act as a second layer of protection in case someone gets a hold of your login credentials.
- Use a unique email address
Email addresses aren’t entirely private information nowadays, especially when you use them for your social media, newsletter subscriptions, monthly bills etc. While it’s not mandatory, if you’re working with important files, then it’s a good idea to create a private email address, which you use only for a single service.