It's likely that you tell yourself something like "Oh, it won't happen to me. Who would be interested in my password? I'm not a CEO of a large corporation or a Minister of Foreign Affairs or something."
If this sounds like you, yesterday was a good day to do some rethinking.
Reportedly, a shocking 87GB of data containing 722,904,991 unique email addresses and 21,000,000 unique passwords was published to a hacking forum yesterday.
What does it mean for you? A few things:
First: It's likely that your email address has been leaked.
If the word "likely" doesn't sound convincing to you, think about the numbers. There are approximately 4.02 billion internet users in the world; 722,904,991 unique email addresses were leaked yesterday. Do the simple math, and you'll realize that up to 1 in 5 internet users may have been affected.
Second: Right now, someone might be taking advantage of this leak.
Personal data costs money. Some personal data costs up to thousands of dollars per file. Although most of the leaked email addresses do not have passwords attached to them, lots of them do. This means everything you've ever sent or received via your email, including all files you store in Google Drive (if you're using Gmail), might be at risk of being compromised or malevolently used by criminals.
If your email address has been leaked but your password is not found in a leaked passwords list, you're a little luckier than some people. But only a little. Stolen email addresses take cybercriminals one (large) step closer toward gaining unauthorized access to your sensitive data, especially if you don't use a strong password and your current password is relatively easy to guess.
Not to mention that some cybercriminals can cross-reference recently leaked data against previous breaches, find matching combinations, and do even more harm.
Third: You need to immediately take action to protect yourself.
There's no time to spare. To protect yourself, follow these steps as soon as possible:
- Check if your email address was leaked here: https://haveibeenpwned.com.
- If your email has been compromised, change your email password immediately. Make sure to do the same for other accounts if you tend to use the same password for more than one website or service (The phrase you're reading now is a kind reminder that using the same password for multiple accounts is not a good idea if you care about your security and privacy online).
- Enable two-factor authentication for your email to make it harder for hackers to do their malevolent work.
How do I know if my password or email was stolen?
The fastest way to find out if your email or password has been compromised by a breach is to use the Have I Been Pwned online checker created by well-known security researcher Troy Hunt. There you can check both your email address and passwords.
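The password half of that check can also be run from a script. This is an added example, not code from this article or from Have I Been Pwned: it assumes the public Pwned Passwords range endpoint, sends only the first five characters of the password's SHA-1 hash, and uses a constructed response (`constructed_fetch`, with a made-up count) so the demo runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def fetch_range(prefix):
    """Download every known hash suffix for a 5-character SHA-1 prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "leak-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def leak_count(password, fetch=fetch_range):
    """Return how many times the password appears in the leaked corpus.

    Only the first 5 hex characters of the SHA-1 hash are passed to `fetch`;
    the password and the full hash never leave the machine.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch(prefix)).get(suffix, 0)  # padding rows count as 0


def constructed_fetch(prefix):
    """Offline stand-in for the endpoint: a constructed response, not real data."""
    target = hashlib.sha1(b"password").hexdigest().upper()
    rows = ["0" * 35 + ":0", "not-a-valid-line"]  # padding-style row, junk row
    if prefix == target[:5]:
        rows.append(target[5:] + ":12345")  # constructed count
    return "\r\n".join(rows)


if __name__ == "__main__":
    print(leak_count("password", fetch=constructed_fetch))  # offline demo
```

Calling `leak_count(pw)` without the `fetch` argument queries the live endpoint; any result above zero means the password should be changed and never reused.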
What should I do if my password is in a leaked passwords list?
First and foremost, don't panic. Go to your email and change your old password to a new, strong one. Enable two-factor authentication (this will make the process of logging in a little longer, but given the increasing number of breaches and leaks, it is absolutely worth it).
Security breach news: bottom line
In today's world, nobody is immune to online privacy and security threats. Data leaks and monster security breaches happen every year, many times a year, so it should be a part of your resolution for 2019 to learn and start practicing the rules of good online hygiene. After all, it's always better to be safe than sorry.