The security world has been rocked overnight by news of a database of hacked passwords of unprecedented size.
Over one billion password and username combinations, as well as upwards of 500 million email addresses are contained in the database, reportedly amassed by a young Russian crime ring, dubbed ‘CyberVor’ by Milwaukee-based firm, Hold Security.
At the time of writing, it is unknown which specific sites have been compromised, but the New York Times estimates that companies ranging from Fortune 500 giants to small businesses have been breached.
So, what can you do to minimise your risk in the face of this developing threat?
-
Assume you’ve been compromised.
Given the size of this breach, it is safest to assume that your data has been compromised and act accordingly. The average internet user can have hundreds of accounts, making it likely that one of yours has been affected.
-
Change your passwords.
Though it isn’t enough to secure your account from further breaches on already-compromised websites, changing your password on sites containing your financial, health-related, email or credit card data is a good first step. Also, be sure never to reuse your passwords amongst several accounts.
-
Step up your security.
Consider a password manager such as 1Password, LastPass or Dashlane. These services allow you to use strong and unique passwords for each website you’re a member of, reducing the risk of any data leak compromising all of your accounts.
-
Don’t stop at passwords.
Most major sites now offer an additional step to your usual login called two-factor authentication. In case of a password breach, your data can remain secure by requiring you to enter a secondary passcode texted to your phone. Click here to visit our guide to enabling two-factor authentication.
BreachAlarm will continue to keep you up to date on this breaking issue. Follow us on Twitter, Facebook and sign up to Email Watchdog to receive the latest security news and updates.