You may feel like data breaches are a daily occurrence, and you’d be right. But this latest one, named Collection #1, is a monster — exposing more than 773 million email addresses and 21 million passwords.
In all likelihood, you were a victim of this breach. Now, your accounts are vulnerable.
The breach was reported by Troy Hunt, who runs the site Have I Been Pwned. On his site, you can check to see if your email address has been compromised. Hunt noticed the breach when a giant file containing 12,000 separate files and 87GB of data was uploaded to a cloud service called MEGA. That data was then posted to hacking forums. In total, the breach seems to be a blend of over 2,000 databases.
If you find that your email address has been exposed in Collection #1 (or any other breach, for that matter), the information could be used to hack your accounts. If your password was also included in the breach, this becomes a major problem—especially for those who use the same password for multiple accounts.
Hunt’s site allows you to see if your password was involved in the breach. If it was, change it immediately. Make sure you set up a unique password for each account you have.
4 tips to protect your accounts
Here are some quick and easy things you can do to create a healthy online security routine:
Start using 2FA
Use two-factor or two-step authentication (2FA) on every account where it’s offered. With 2FA, you log in to your account and enter your password. You’ll then be sent another code, usually to your phone via text. You can only get into your account with both your password and the code. This adds an extra layer of security; even if a hacker has your password, they’d still need access to your phone.
Set up a VPN
A VPN, or virtual private network, is an app that encrypts the traffic leaving your device, including over WiFi, and hides your IP address from the sites you visit. This means that hackers on the same WiFi network as you, like when you’re at a coffee shop or airport, can’t read your data in transit. Hotspot Shield VPN can be downloaded for free on your laptop and mobile device.
Use a password manager
One important tip is to start using better passwords. You don’t want to use the same password from one site to another, and you want to make sure that each password is completely random. The best passwords are those that are long and include random combinations of letters, numbers, and symbols. However, those are tough to remember; a password manager will securely remember them for you.
Buy security tokens
You also might want to consider buying a YubiKey. These keys act like your own private encryption method. When you enable one, no one, not even you, can access your accounts without the key. For a hacker to get into an account, they would need your password, your mobile phone, AND your security key. Effectively, your accounts will be like Fort Knox, and a hacker will likely give up in search of a less secure person to victimize.
These tips are not difficult to implement, but as with everything, the key is getting started. Once you’re in the routine, your personal data will be that much more secure from giant data breaches like Collection #1.