Have I Been Pwned has released a report on the largest collection of breached data dubbed “Collection #1”. The breach is reported to comprise more than 770 million email addresses and passwords posted to a popular hacking forum in mid-December, 2018.
In light of this massive breach of data, McAfee security expert Ian Yip, CTO, Asia Pacific, commented, “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks. Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.
It’s prudent for citizens to act fast and defend themselves. With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim. As an immediate next step, passwords need to be changed. If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.
Once your password is in the hands of a cybercriminal, they can gain access to personal and even financial information by painting a ‘picture’ of you. This is yet another alarming wakeup call for people who do not place importance on their online privacy, security and data protection. Cyber resilience must remain a high priority goal for organisations and citizens.”
Sergey Lozhkin, Senior Security Research, Global Research & Analyst Team (GReAT) at Kaspersky Lab stated “This massive collection of data harvested through data-breaches had been built up over a long period of time, so some of the account details are likely to be outdated now. However, it is no secret that despite growing awareness of the danger, people stick to the same passwords and even re-use them on multiple websites. What’s more, this collection can be easily be turned into a single list of e-mails and passwords: and then all that attackers need to do is to write a relatively simple software program to check if the passwords are working. The consequences of account access can range from very productive phishing, as criminals can automatically send malicious e-mails to a victim’s list of contacts, to targeted attacks designed to steal victims’ entire digital identity or money or to compromise their social media network data,” says Sergey Lozhkin, security expert at Kaspersky Lab.
“We urge everyone who uses email credentials for online activity to take the following steps as soon as possible:
- Check if your e-mail account has been exposed online by going to https://haveibeenpwned.com/
- Use strong passwords for your most important or sensitive accounts (such as internet banking, online payment or social media networks) and change them regularly.
- Consider switching to a password manager such as Kaspersky Password Manager. This way, you’ll only have to remember one master password that unlocks the secured vault with your other passwords.
- Implement two-factor authentication wherever possible.”
