If you thought the data breach of 773 million emails and 21 million passwords was bad, it turns out that Collection #1, an 87GB listing of these records, could be just one part of a 1TB database of stolen data.
According to Brian Krebs, who spoke with the hacker who is selling the data (for as little as $45, mind you), Collection #1 is actually about two to three years old, and the biggest collection in the database is Collection #2, which alone includes 626 GB of stolen data. The hacker also told Krebs that he/she has access to about 4TB of new password packages that are less than 12 months old.
The dump of Collection #1 was first detailed by security researcher Troy Hunt, who runs the breach notification service HaveIBeenPwned, where you can check to see if your email is included on the list.
How Much is Your Email Worth?
If you fail to safeguard your email accounts properly, you may effectively turn over your email to hackers, who are then in control of every account you use that email address for. For instance, a hacked email can allow hackers to request a password reset.
Once into your account, hackers can invade your privacy and access your chats, calendar, messages, and even your call records and location on your mobile. They can access and sell your Facebook, Twitter and other social media accounts, as well as your subscription services like Netflix, your shopping accounts, including Amazon, and your game accounts. With this information, hackers can flood your contacts, including your social media contacts, with spam and infect them with malware. In fact, hackers can harvest the messages you send, and collect your Google Docs and OneDrive content, as well as content from other cloud storage accounts. With your email address, hackers can gain access to your bank accounts, change your billing, and even ransom your accounts.
Up Your Security
One of the best things you can do to protect yourself, whether or not your email and passwords have been hacked yet, is to get a password manager. A password manager can securely store your passwords, banking and credit card information, and other stuff you don’t want available online.
If you don’t want to use a password manager, use two-factor authentication whenever possible. This type of security prevents data theft because even if hackers get your password, they also have to get past a second factor that deters compromise – they have to get your security or access to your mobile device.
Finally, if you aren’t keen on using these digital security tools, your best bet is to choose long passphrases instead of passwords. Passphrases are strings of words that don’t make sense together. Long passphrases are actually more difficult to hack than short passwords. And instead of using the same passphrase all over the web, choose a different passphrase for each of your accounts and write them down in a notebook kept beside your computer.
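The passphrase advice above, worked through as an added example (not part of the original article): it compares the guessing strength of a short random password with randomly chosen words and issues a different passphrase for each account. The 32-word list, the account names, the 94-character password alphabet and the 7776-word list size (the size of a diceware list) are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample wordlist (32 words) so the example runs offline.
# Assumption: real use would load a much larger list, e.g. 7776 diceware words.
SAMPLE_WORDS = (
    "anchor basil copper dune ember fjord garnet harbor "
    "iris jungle kettle lantern meadow nickel orchid pebble "
    "quartz raven saddle timber umbra velvet walnut xenon "
    "yarrow zephyr acorn bramble cobalt drizzle falcon glacier"
).split()

def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)

def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def make_passphrase(words, count: int) -> str:
    """Pick words with a CSPRNG; random choice is what keeps them unrelated."""
    return " ".join(secrets.choice(words) for _ in range(count))

def passphrases_for(accounts, words, count: int) -> dict:
    """One distinct passphrase per account, regenerating on a rare collision."""
    issued = {}
    for account in accounts:
        phrase = make_passphrase(words, count)
        while phrase in issued.values():
            phrase = make_passphrase(words, count)
        issued[account] = phrase
    return issued

if __name__ == "__main__":
    short_pw = entropy_bits(94, 8)  # 8 random printable ASCII characters
    print(f"8-char random password: {short_pw:.1f} bits")
    for size in (len(SAMPLE_WORDS), 7776):
        n = words_needed(short_pw, size)
        print(f"{size}-word list: {n} words, {entropy_bits(size, n):.1f} bits")
    # Hypothetical account names, used only to show one phrase per account.
    for account, phrase in passphrases_for(
            ["email", "bank", "shopping"], SAMPLE_WORDS, 11).items():
        print(f"{account}: {phrase}")
```

A passphrase only beats a short password when the words are picked at random and there are enough of them for the size of the list they come from.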