A database called “Collection #1”, containing 772M unique emails and 21M passwords collected from many data breaches, was discovered and reported yesterday.
Collection #1 was first reported by Troy Hunt, a security researcher who runs Have I Been Pwned (HIBP). HIBP is a website where you can find out whether your email or password has been compromised.
A follow-up article posted at KrebsOnSecurity suggests that the information in this breach is a couple of years old.
That said, this latest breach turns a brighter spotlight on security, and Intivix clients have reached out to ask what to do.
After checking if your email address has been compromised, check if specific passwords for important accounts are part of the breach here. If any of your passwords are on that list, change them immediately.
Here are some ways to protect yourself immediately:
- Consider a password manager to make it easier to assign a unique logon credential for each website or service. Passwords should never be reused across multiple sites and services. Each should be unique.
- We recommend that clients implement two-factor authentication and consider single sign-on technology company-wide.
- We recommend that clients implement a security awareness training program to reduce risk. The majority of infiltrations result from human error.
- Passwords should follow good security practice: avoid dictionary words, and use at least eight characters with a mix of capitals, special characters, and numbers.
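The password check and the composition rules above can be combined in a few lines. The Python below is an added example, not code from this post or from HIBP: it follows the hash-prefix lookup model used by the Pwned Passwords service, so only the first five characters of the password's SHA-1 hash are ever handed to the lookup. The breach list, the `simulated_range_lookup` stand-in and all function names are constructed for illustration.

```python
import hashlib
import string

# Constructed sample standing in for a breach corpus (password -> times seen).
SAMPLE_BREACHED = {"password1": 2400000, "Summer2018!": 5100, "qwerty123": 880000}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_lookup(prefix):
    """Hypothetical stand-in for the lookup service: SUFFIX:COUNT lines for one prefix."""
    hashes = ((sha1_hex(pw), n) for pw, n in SAMPLE_BREACHED.items())
    return "\n".join(f"{h[5:]}:{n}" for h, n in hashes if h.startswith(prefix))


def breach_count(password, lookup=simulated_range_lookup):
    """Times the password appears in the corpus; only 5 hash characters are sent."""
    digest = sha1_hex(password)
    for line in lookup(digest[:5]).splitlines():
        suffix, _, count = line.partition(":")
        if suffix == digest[5:]:
            return int(count)
    return 0


def policy_problems(password):
    """Composition rules from the list above (the dictionary-word rule is not checked)."""
    checks = [
        (len(password) >= 8, "shorter than eight characters"),
        (any(c.isupper() for c in password), "no capital letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def review(password):
    """Combine both checks; an empty list means no problem was found."""
    problems = policy_problems(password)
    hits = breach_count(password)
    if hits:
        problems.append(f"seen {hits} times in breach data")
    return problems


if __name__ == "__main__":
    for candidate in ("password1", "Summer2018!", "tR7#vq!mZ2-kLp9w"):
        print(candidate, "->", review(candidate) or "no problems found")
```

Note that the constructed entry `Summer2018!` satisfies every composition rule and is still flagged, which is why the breach check matters in addition to the rules.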
These types of security breaches are going to continue to happen. Businesses small and large need to be aware of this new reality, especially as some studies report that up to 60 percent of hacked companies go out of business.
We will be writing more about security in upcoming blog posts. Keep an eye on this space.
Contact us if you’d like to discuss the options available to your business.