Monster breach! In the week we passed, we saw great titles in the printed and online press for a huge leak of data.
Yes, someone gathered a very long list of 773 million unique email addresses and 21 million unique passwords.
But there is no reason to worry.
However, tech news reports with scary headlines: Gizmodo described the leak as "mother of all violations“. Wired referred to it as a "monster breach" and the Daily Mail as the "largest collection of hacked EVER data". Mashable was asking its readers to change their password.
Do not panic! Monster breach? No problem!
If you keep track of the news at iGuRu.gr, you will know that millions of Internet passwords are already in circulation. 2016, for example, reported that hackers wanted to sell 427 million MySpace passwords and 117 million passwords LinkedIn.
This new violation, called "Collection #1," is not as different as other violations of the past. According to Troy Hunt, a security researcher who discovered and analyzed the list, this collection includes 773 million unique e-mail addresses and 21 million unique passwords.
But let's just break the numbers:
This collection includes older data. From 773 million unique email addresses, only 141 million (about 18 percent) was not included in I Have Be Pwned, the Hunt database. And by 22 million passwords, only half was not already in the database.
So what's the risk?
The only real risk to cybersecurity is in the case of credential-stuffing. In these attacks, hackers try every possible combination of emails and passwords from the databases they have in their hands.
So if you use a unique password and two-factor connection, these attacks just will not work.
But changing the habit is difficult. For change and while we are still at the beginning of 2019, try something new for your safety.
Install a password manager.
It will make your life much easier, since you will not have to remember the codes you use. An app we often recommend on iGuRu.gr is Free Keepass Password Administrator. It saves everything locally (on your system, not the cloud) and with very strong encryption.
So you do not have to panic. See the above violation as an opportunity to upgrade your security. Install a password management application.