A recent data breach known as Collection No. 1 now holds the record for largest public data breach by volume, according to an article by Gizmodo. First the facts: In the beginning of January, security researcher Troy Hunt found a large database – which consisted of 12,000 files and 87 GB of data – on the popular cloud service MEGA, which exposed more than 750 million unique emails and 21 million unique passwords.
Computer security experts confirmed many of those email addresses and passwords had been exposed in over 2,000 previous hacks. New email addresses totaled 140 million, while new passwords amounted to 10 million. Someone had also posted links to the database in a well-known hacker channel. The database was free for anyone to access.
The sheer size of Collection No. 1 is formidable in and of itself, but perhaps more alarming than that is the fact that the passwords are formatted in plain text, which means the hackers figured out how to de-hash the passwords from any encryptions that had been protecting them. Together, the sensitive email addresses and passwords amount to 2.7 billion combinations that could be used to access private accounts. This practice is called credential stuffing, and is especially threatening for users with compromised information who use the same email and password combination for multiple sites. Further investigations of Collection No. 1 revealed the existence of seven other collections that contain email addresses and passwords, though no one has reported anything more about them.
The details of Collection No. 1 illustrate the skilled proficiencies of dark forces on the web. However, there are plenty of processes and technologies just as sophisticated that defend against cyber threats. Let’s take a look at common password-related practices and software you can utilize to form a sound security strategy:
1. Don’t reuse passwords. This one may sound obvious, but reusing passwords is a common mistake. When users don’t generate unique passwords for different sites, they put their personal data in jeopardy of being exposed in the event of a breach.
2. Don’t share your passwords. Thieves will use your sensitive data for personal gain, which could wreak havoc on your life. Recognize your passwords are gateways to this data and take pride in preventing them from falling into the wrong hands. Keeping passwords to yourself maintains your privacy.
3. Use touch and voice ID. Some of the most valuable tech developments in data security have come in the form of fingerprint and voice identification. These features add another reliable layer of security, keeping account access on your person.
4. Enable two-factor authentication. Many platforms have started to require two-factor authentication, which requires you to log into accounts through more than one channel. Two-factor authentication increases data protection by making it harder for a hacker to impersonate a user. That is why we have added Single Sign-On and Multifactor Authentication standard to Abacus Private Cloud.
5. Invest in a password management system. Programs like LastPass, Zoho Vault, and Dashlane securely store passwords for all of your accounts, which empowers you to use unique and complex passwords while only having to remember one.
While scammers have recently become more efficient at hacking into data systems, security technology has become more sophisticated in its ability to protect against cyber-attacks. And even though the number of security threats and breach attempts have increased over the last few years, there are many solid defense strategies you can employ to mitigate your risk of being hacked.
Ready to feel more secure? Schedule a free cybersecurity assessment today, valued at $1000!