Troy Hunt, the creator of Have I Been Pwned, has just found a massive collection of usernames and passwords sitting on the web. When I say massive, I mean massive. We are talking 1,160,253,228 unique login credentials (usernames and passwords). We have seen large dumps of credentials for sale on the web before. However, there has never been a collection of this size.
This alone is concerning, but when you also consider that the information is not sitting hidden in some dusty corner of the dark web, but is being openly discussed in various forums, the alarm bells start to sound. Add the fact that the information is being given away and not sold and you have reached DEFCON 1. Now any miscreant with time on his hands can start banging away at websites with a free list of easily found credentials. This greatly increases the chance your account(s) will be compromised.
It’s like finding a garage door opener while out for a walk with your dog. You may not have been planning on breaking into a garage, but when fortune smiles upon you, you take advantage of it and pick up that sucker and start seeing which doors it opens.
The good news is there are things you can do to protect yourself.
- Visit Have I Been Pwned and find out if you are affected.
- Change the passwords on affected accounts as well as any accounts using the same password.
If you aren’t reusing passwords, this is a relatively easy task. If you are, then it sucks to be you and it may take you a while. On the upside, you do get to give those brain cells a good workout trying to remember all the accounts that used that password. I lied, that sucks too.
After changing umpteen passwords and straining to remember the names of all your accounts, you may want to stop reusing them and start using a password manager. KeePass is sitting on your workstation and is free to download and use at home. Give Verle Winsor a call to find out how to use it.
If you are ready to invest in a more user-friendly tool, you may like Dashlane, 1Password, or LastPass. They all generate effective unique passwords for you and make logging in a breeze on all of your devices.