Earlier this month, more than 3.2 billion unique unencrypted email and password combinations were released on a popular hacking forum. This COMB, or Compilation of Many Breaches, contains data from a number of previous breaches including Netflix, LinkedIn, Yahoo, Hotmail, and many others. To put the enormity of this breach into perspective, there are approximately 7.8 billion people on earth and 4.7 billion internet users. This means that this COMB puts almost 70% of internet users at risk.
According to CyberNews, “COMB is a quick, searchable, well-organized database of past major leaks”. This includes 200 million Gmail addresses and 450 million Yahoo addresses. If you’re a chronic password recycler (over 50% of internet users are), this means many of your accounts could have been breached. Knowing how often people reuse passwords across multiple accounts, hackers can use info gathered from COMB to break into your other accounts. This is called credential stuffing. Continue reading to see what you should do to help protect yourself from the fallout of this massive COMB.
What should I do?
Change your passwords
If you found out that your information was breached, or even just suspect that it might have been, immediately changing your passwords is a smart first step. You can check if your email has been involved in a breach by using the Have I Been Pwned? tool. iPhone users can also see which of their passwords have appeared in a data breach, thanks to a fairly recent update. To do this, go to Settings > Passwords. Any compromised accounts will be shown in the Security Recommendations section.
Create strong passwords
While you’re changing your passwords, make sure the new ones you’re creating are strong. What makes a good password? Hard-to-crack passwords are random, long, and contain a variety of characters (e.g., uppercase, lowercase, numbers, symbols). You can also use a passphrase. A passphrase is a collection of multiple, sometimes random or abbreviated, words, such as FoxtablerUgsockS, or an abbreviation of a sentence, like “My favorite food is bagels with cream cheese” to “MfFiBwCc”. Also, don’t reuse passwords. It’s more than likely that reusing the same password for multiple accounts got you into this mess in the first place. Don’t make the same mistake twice!
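An added example (not from the article or from Have I Been Pwned): it audits a set of accounts for the two problems described above, reused passwords and passwords already seen in breaches, using the Pwned Passwords range API of the Have I Been Pwned service, which receives only the first five characters of each password's SHA-1 hash. The account labels, the `offline_lookup` stand-in and its counts are constructed so the script runs without network access.

```python
import hashlib
import urllib.request
from collections import defaultdict

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range(prefix):
    """Download every known hash suffix for a 5-character SHA-1 prefix."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "password-audit-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def breach_count(password, range_lookup=fetch_range):
    """Return how often the password appears in the breach corpus (0 if absent)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]  # only the prefix leaves this machine
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def audit(accounts, range_lookup=fetch_range):
    """Map each account to (breach count, other accounts sharing its password)."""
    by_password = defaultdict(list)
    for name, password in accounts.items():
        by_password[password].append(name)
    report = {}
    for password, names in by_password.items():
        count = breach_count(password, range_lookup)
        for name in names:
            report[name] = (count, sorted(n for n in names if n != name))
    return report

# Constructed sample data; the last password is the article's passphrase example.
SAMPLE_ACCOUNTS = {"mail": "Summer2020!", "streaming": "Summer2020!", "bank": "FoxtablerUgsockS"}

def offline_lookup(prefix):
    """Constructed stand-in for fetch_range: pretends 'Summer2020!' was seen 1234 times."""
    digest = sha1_hex("Summer2020!")
    hit = digest[5:] + ":1234" if digest[:5] == prefix else ""
    return "0" * 35 + ":7\r\n" + hit

if __name__ == "__main__":
    for name, (count, shared) in sorted(audit(SAMPLE_ACCOUNTS, offline_lookup).items()):
        print(name, "seen in breaches:", count, "| reused on:", shared or "-")
```

Calling `audit(accounts)` without the second argument queries the live service instead of the constructed stand-in.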
Use a password manager
Using a unique password for each account can seem impossible, especially if you have dozens or hundreds of accounts. Using a password manager can help keep your passwords organized and secure. A password manager stores your credentials in an encrypted database. All you have to remember is the master password for the manager and you’re good to go. Many password managers can also help you create strong passwords.
Enable multi-factor authentication
Through the use of two or more authentication methods, multi-factor authentication is a great way to lock down your login. This combo could be something you have (such as a code sent to your mobile phone via text or authenticator app), something you are (such as a fingerprint), or something you know (such as a password).