In what’s becoming an all-too-common occurrence, another large trove of personal information was released online in recent weeks. The group of files, known as ‘Collection #1’ was discovered by security researchers being shared on the public file sharing service, Mega. The collection included over 770 million unique email addresses and 21 million passwords after being cleaned-up by researcher Troy Hunt. Troy maintains a free online service which allows Internet users to search for their email addresses and passwords within various breach releases to see if they’ve been leaked. The service is called ‘Have I Been Pwned?” and Troy has been maintaining it for many years out of his own pocket and with some donations. You can find it here: https://haveibeenpwned.com
The usual advice for protecting yourself applies:
- Never reuse passwords across multiple sites; it increases your exposure by orders of magnitude.
Get a password manager. For personal accounts, Have I Been Pwned integrates directly into 1Password—automatically checking all of your passwords against its database. You can find it here: http://1password.com/
- Enable app-based two-factor authentication on as many accounts as you can, so that a password isn’t your only line of defense. And if you do find your email address or one of your passwords in Have I Been Pwned, at least know that you’re in good company.
See these links for more information and resources: