Today, security expert Troy Hunt announced the discovery of 773 million leaked email addresses and passwords. He’s calling it the “Collection #1” Data Breach, and it’s possibly the largest in history.
What you should do
There are two places you can check to see if you’ve been affected.
First, visit HaveIBeenPwned.com – despite the cheesy name, this is possibly the web’s largest collection of information on data breaches, including Collection #1. Enter your email address in the big white email box, and click the button to check and see if it has been included in any of the known data breaches.
Second, if you’re reusing a password for multiple accounts (which you shouldn’t), visit the Pwned Passwords page to check and see if it was found in this or other data breaches.
(Never, in any other situation, enter your password on an unfamiliar website!)
If either of these searches comes up positive (“pwned”), you need to update your passwords!
What if my email or password was found?
First and foremost, change your passwords. Using a password that has been compromised increases the risk of your accounts being accessed.
Inclusion in this breach or any other does not necessarily mean that any of your accounts have been accessed.
Finding your email or password on the HaveIBeenPwned website does not indicate any personal attack on your accounts. Unless you have seen unusual activity in your accounts, the best form of protection is to change your passwords.
You need a password manager
It’s 2019, and we all know we shouldn’t be re-using passwords. But with so many different apps and websites that require a password, it’s really difficult to remember a unique, secure password for each.
Most modern password managers come with browser plugins and mobile apps, which means you never even see your own passwords. As long as you remember your master password, everything is gravy.
And if you refuse to use a password manager? At least write your passwords in a dedicated password book that you store in a private location in your home. It’s not a great idea, but it’s better than using “qwerty” for your Spotify account and online banking.