The largest public data breach ever just hit the web, with almost 800 million emails and over 21 million passwords “dehashed” and exposed as plain text. Dubbed Collection #1, this apparent amalgamation of over 2,000 breached data stores offers hackers vast potential to compromise services via credential stuffing attacks, in which bots automatically test millions of email and password combinations across multiple website login pages.
Don’t Worry, Be Happy?
If you use the same email/password combination on multiple sites, you’re especially vulnerable to account compromise and/or identity theft via credential stuffing or similar attacks.
Is the Collection #1 data breach cause for special concern? Or just more cybersecurity hype around yet another massive account data exposure?
Well, that depends on your password hygiene. Most of the data in Collection #1 is two or three years old. So:
- If you change your passwords regularly in line with good practice—and this breach underscores why that’s a good practice—then why worry? Yes, your email address is very possibly mixed up in all this somehow (you can check on HIBP), but your password is most likely safe.
- If you haven’t changed your passwords for accounts you care about in all that time, then why worry? Since you haven’t protected yourself on this basic level, you’re probably already exposed to bigger cybersecurity risks.
If “Hakuna Matata” doesn’t work for you, start changing those passwords. Using a password manager makes it much easier to use strong, unique passwords or passphrases. Making use of two-factor authentication whenever possible will also make your accounts significantly more secure.
To find out more about improving your organization’s password hygiene to reduce cybersecurity risk and keep your users and data safe, contact Pivot Point Security.
Is a penetration test really the service you need?
Without good Asset, Patch & Vulnerability management in place, a network penetration test could be a big waste of time and money.
