There’s an old saying generally used to say someone is special. That saying is, “You’re one in a million.” Sounds rather sentimental and sweet, doesn’t it? However, when it comes to data breaches, being one in however many have been stolen is not at all sentimental. It is unsettling and can lead to identity theft.
If you are wondering about the second part of the title, I am talking about the discovery of more than 2.2 billion email addresses and a smaller number of passwords that recently turned up on the dark web. According to a blog post on Ashampoo, a set of 773 million email addresses and 21 million passwords, called Collection 1, was circulating on the dark web. The worst part was that all the data was in clear text.
The story gets even better. A week later, Collection 2 and Collection 5 appeared. Where Collection 1 was a paltry 80 GB and 12,000 files, Collections 2 and 5 together totaled 600 GB. So far, analysis has revealed 2.2 billion emails and a smaller number of passwords. This time, not everything is in clear text. That is a bit of a silver lining in an otherwise bleak discovery.
Where the real problem occurs is for people who use the same email and password combination for multiple accounts. I have well over 400 different accounts that have passwords. I also have between 15 and 20 emails. To manage this, I have used a password manager for 20 years or so. Even at my best and sharpest, I can’t remember a lot of passwords. With a password manager, I only need to remember one. It is something I highly recommend you get.
Okay, back to the main story. The bad actors take common email and password pairs and use them in automated attacks on high-profile websites like Amazon and eBay. This is called credential stuffing, and the theory behind it is this: if a person uses that combination several times, chances are good they have used it on an Amazon or eBay account. Unfortunately, this works a lot of the time.
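Seen from the website's side, this kind of replay leaves a recognizable pattern in login logs: one source touches many accounts, tries each only once or twice, and mostly fails. The following Python example is added here and is not part of the original post; the log format, the thresholds and the function name `stuffing_suspects` are assumptions for illustration, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample login log (not real data): "timestamp source_ip account result"
SAMPLE_LOG = """\
2019-02-01T10:00:01 198.51.100.7 alice@example.com FAIL
2019-02-01T10:00:02 198.51.100.7 bob@example.com FAIL
2019-02-01T10:00:03 198.51.100.7 carol@example.com FAIL
2019-02-01T10:00:04 198.51.100.7 dave@example.com OK
2019-02-01T10:00:05 198.51.100.7 erin@example.com FAIL
2019-02-01T10:00:06 198.51.100.7 frank@example.com FAIL
2019-02-01T10:05:00 203.0.113.9 bob@example.com FAIL
2019-02-01T10:05:01 203.0.113.9 bob@example.com FAIL
2019-02-01T10:05:02 203.0.113.9 bob@example.com FAIL
2019-02-01T10:05:03 203.0.113.9 bob@example.com FAIL
2019-02-01T10:07:00 192.0.2.4 alice@example.com FAIL
2019-02-01T10:07:20 192.0.2.4 alice@example.com OK
"""

def stuffing_suspects(log_text, min_accounts=5, max_tries_per_account=2.0,
                      max_success_rate=0.2):
    """Return {source_ip: summary} for sources whose logins look like stuffing.

    Thresholds are assumed values: many distinct accounts per source, few
    tries per account, and a low share of accounts that were logged into.
    """
    outcomes = defaultdict(lambda: defaultdict(list))  # ip -> account -> [bool]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, ip, account, result = fields
        outcomes[ip][account.lower()].append(result == "OK")

    suspects = {}
    for ip, accounts in outcomes.items():
        attempts = sum(len(tries) for tries in accounts.values())
        # Accounts where a replayed pair worked: these need a forced reset.
        hit = sorted(acct for acct, tries in accounts.items() if any(tries))
        if (len(accounts) >= min_accounts
                and attempts / len(accounts) <= max_tries_per_account
                and len(hit) / len(accounts) <= max_success_rate):
            suspects[ip] = {"accounts": len(accounts), "attempts": attempts,
                            "force_reset": hit}
    return suspects

if __name__ == "__main__":
    for ip, summary in stuffing_suspects(SAMPLE_LOG).items():
        print(ip, summary)
```

The source hammering a single account and the user who mistyped once are both left out, because neither touches enough distinct accounts to match the pattern.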
If any of this has made you uneasy, you can find out if your email (or emails, as the case may be) has been compromised. The Hasso-Plattner-Institut has a database containing over 8 billion email addresses. You can click on the link above and head over to a page where you enter your email address. It will perform a search, then send a report to that email address. Among other things, the report tells you if your email address has been compromised. Shown is the confirmation screen generated after entering your email.
Check all your emails to be safe. Change passwords as necessary using a strong password. The American National Institute of Standards and Technology has published new guidelines for strong passwords. The good news is that they are less stringent than the earlier set in use today and are said to be more secure. Watch a video about the new recommendations and bring your passwords into the 21st Century!
And, get a good password manager. Choices abound, and free trials are available for some.
Speaking of security, when you need the highest level of secured communications for personal, business, or other use, look at the unique solution offered by CRIP.TO. Blending together a custom recipe of leading encryption algorithms with custom hardware and a smartphone app, the Shield and Black duo provide the best end-to-end encryption available outside of the military and governmental operations.
We all deserve the freedom to communicate fearlessly and with CRIP.TO securing your data, you can. Now, change those passwords from your pet’s name to something more secure.