The Collection #1 Data Breach—Should You Worry?

January 22, 2019

Table of Contents

Last Updated on January 12, 2024

The largest public data breach ever just hit the web, with almost 800 million emails and over 21 million passwords “dehashed” and exposed as plain text. Dubbed Collection #1, this apparent amalgamation of over 2,000 breached data stores offers hackers vast potential to compromise services via credential stuffing attacks, in which bots automatically test millions of email and password combinations across multiple website login pages.

Don’t Worry, Be Happy?

If you use the same email/password combination on multiple sites, you’re especially vulnerable to account compromise and/or identity theft via credential stuffing or similar attacks.

Is the Collection #1 data breach cause for special concern? Or just more cybersecurity hype around yet another massive account data exposure?
Well, that depends on your password hygiene. Most of the data in Collection #1 is two or three years old. So:

If you change your passwords regularly in line with good practice—and this breach underscores why that’s a good practice—then why worry? Yes, your email address is very possibly mixed up in all this somehow (you can check on HIBP), but your password is most likely safe.
If you haven’t changed your passwords for accounts you care about in all that time, then why worry? Since you haven’t protected yourself on this basic level, you’re probably already exposed to bigger cybersecurity risks.

If “Hakuna Matata” doesn’t work for you, start changing those passwords. Using a password manager makes it much easier to use strong, unique passwords or passphrases. Making use of two-factor authentication whenever possible will also make your accounts significantly more secure.
To find out more about improving your organization’s password hygiene to reduce cybersecurity risk and keep your users and data safe, contact Pivot Point Security.

Is a penetration test really the service you need?

Without good Asset, Patch & Vulnerability management in place, a network penetration test could be a big waste of time and money.
Download the free inforgaphic now!

Download Now!

What's Next?

To hear this practical, best-practice oriented show with Temi Adebambo

Click Here

Pivot Point is now part of CBIZ. Click Here for more information.

Blog

The Collection #1 Data Breach—Should You Worry?

Don’t Worry, Be Happy?

Is a penetration test really the service you need?

What's Next?

What do you think? Is Digital Business Risk Management the Future of Attack Surface Management?

Search our Blogs

How Much Does ISO 27001 Certification Cost in 2024?

What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?

Virtual CISOs and Community Banks—Perfect Together

What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?

Data Privacy Compliance in Higher Ed: Now is the Time

What is a TISAX Simplified Group Assessment and Who Can Use It?

CMMC Proposed Rule Changes: What’s Changing and How to Prepare

What is Kubescape and Why Should We (as Cloud-Native Developers) Care?

Container and Kubernetes Security: A Nontechnical Introduction

What is a Container and Why are They So Popular with Developers?

What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?

The EU AI Act: 9 Top Questions Answered

SOC 2 Reports – Which Trust Services Criteria Do You Need?

6 Key Takeaways from the 2023 SOC Benchmark Study

CMMC Proposed Rule: New Guidance on CMMC Level 3

The New CMMC Proposed Rule—Answers to Your Top 9 Questions

ISO 27001 Accreditation: Why It Matters for Cloud Service Providers

How to Measure the Value of Information Security

2 Principles to Revolutionize Security Awareness Training

What is Cyversity and How Can It Improve Diversity on My Cybersecurity Team?

How can we help you?

Services

Compliance

Insights

Pivot Point Security