Nearly 773 million accounts have been hacked, worldwide, allowing email addresses and passwords to be posted on a hacking website. This hack makes those who are affected’s social media and financial accounts vulnerable to cybercriminals.
Consumer Reports tells us that the personal information, which came from previous security breaches at numerous websites, has since been removed. But it’s a reminder that consumers should regularly change passwords for their email, social media, online banking, credit card and other important accounts. (Other protective measures are outlined below).
“In general, you should always assume there’s a strong chance that any account-password combo you have could be compromised,” says Justin Brookman, director of consumer privacy and technology policy for Consumer Reports. “So you should act accordingly.”
Australian security researcher Troy Hunt discovered the consumer files on the cloud service MEGA. “It’s made up of many different individual data breaches from literally thousands of different sources,” he explained on his website.
Hunt maintains the site Have I Been Pwned, which allows consumers to determine whether their email addresses or passwords have been compromised. You can check there to see if your information was included in this latest data dump.
While attempts to aggregate information from previous data breaches are not uncommon, this one, originally reported by Wired, is remarkable for its sheer size. It’s one of the biggest dumps ever of consumer data, surpassed only by two earlier data breaches from Yahoo, which compromised more than 1 billion accounts.
“The sheer volume of data is striking, but a lot, if not all, of this data was already out there, just scattered in different places,” says CR’s Brookman. “It is remarkable, though, that people are taking the effort to collate and host this data for free.”
This data dump included 772,904,991 email addresses as well as 21,222,975 unique passwords. About half of those 21 million passwords had not previously been leaked, to Hunt’s knowledge. Even though the data has been removed from the internet, it’s likely that cybercriminals had access to it before it was deleted.
Hunt stressed that verifying the veracity of the data in any kind breach is “non-trivial.” However, he added that his own information was included in the data dump. “My own personal data is in there and it’s accurate; right email address and a password I used many years ago.”
“it’s not easy to know how much of it is new and/or legitimate, but there is definitely personal data in at least some of it,” says Robert Richter, program manager for privacy and security testing at Consumer Reports.
How to Keep Your Data Safe
Here are four easy tips to help keep you safe online.
Use an alternate email: Most consumers are bombarded with requests for an email address. Sometimes you can simply refuse. But when you can’t, make sure you’re using an alternate email, known as a dedicated burner email, for your drugstore coupons and as the login for your favorite fishing forum. Keep a separate email, with a unique password, for your truly important accounts and don’t ever give it out casually.
Don’t reuse passwords: Hackers depend on the laziness of consumers. Cybercrooks may snag a password from a relatively inconsequential and easy-to-hack site–say a message board. And then hope that you used that same password for your on-line banking. While having a strong password is important, using a unique one is an even stronger defense, according to our experts. Having trouble keeping track of all your passwords? “Use a password manager, or just write them down in a hidden journal,” says Brookman.
Freeze your credit: In the wake of breaches of financial data, like the massive one at Equifax, it has become easier to freeze your credit. You can do so for free at the four credit bureaus. That prevents cybercriminals from taking out a loan or opening a credit card in your name. If you need to access your credit, you can temporarily lift the freeze, and re-institute it once you’ve gotten your loan or new account.
Monitor your accounts: Even after you’ve taken these sensible precautions, it’s important to take a moment to regularly check your important accounts for unusual or fraudulent activity and report any suspicious transactions immediately.
Are you one of these 773 Million Accounts? Comment below and let us know your thoughts. Want to keep them private? Shoot us an email to Outreach@