Monster breach! In the week we passed, we saw great titles in the printed and online press for a huge leak of data.
Yes, someone compiled a very large list of 773 million unique email addresses and 21 million unique codeof access.
But there is no reason to worry.
However, tech news reports with scary headlines: Gizmodo described the leak as "mother of all violations“. Wired referred to it as a "monster breach" and the Daily Mail as the "largest collection of hacked EVER data". Mashable was asking its readers to change their password.
Do not panic! Monster breach? No problem!
Αν παρακολουθείτε τα νέα στο iGuRu.gr θα γνωρίζετε ότι κυκλοφορούν ήδη εκατομμύρια κωδικοί πρόσβασης στο διαδίκτυο. Το 2016, για παράδειγμα αναφέραμε ότι hackers ήθελαν να πωλήσουν 427 εκατομμύρια κωδικούς πρόσβασης του MySpace και 117 εκατομμύρια κωδικούς πρόσβασης του LinkedIn.
This new breach, called “Collection #1,” isn't all that different compared to other breaches of the past. According to Troy Hunt, a researcher better safetys who discovered and analyzed the list, this collection includes 773 million unique email addresses and 21 million unique passwords.
But let's just break the numbers:
This collection includes older data. From 773 million unique email addresses, only 141 million (about 18 percent) was not included in I Have Be Pwned, the Hunt database. And by 22 million passwords, only half was not already in the database.
So what's the risk?
The only real risk to cybersecurity is in the case of credential-stuffing. In these attacks, hackers try every possible combination of emails and passwords from the databases they have in their hands.
So if you use a unique password and login with two factors, these attacks simply won't work.
But changing the habit is difficult. For change and while we are still at the beginning of 2019, try something new for your safety.
Install a password manager.
It will make your life much easier, since you won't have to remember the codes you use. A application that we often recommend on iGuRu.gr is o Free Keepass Password Administrator. It saves everything locally (on your system, not the cloud) and with very strong encryption.
So you do not have to panic. See the above violation as an opportunity to upgrade your security. Install a password management application.
________________