According to Cybernews, over 16 billion passwords were discovered in a massive data breach involving over 30 different databases. The data appears to be recent, not merely recycled from old breaches. Cybercriminals now have unprecedented access to personal credentials and could exploit them for account takeovers, identity theft, and targeted phishing attacks.
The possible impact
Researchers say that this “is not just a leak β it’s a blueprint for mass exploitation,” the report said. Cybercriminals can use the stolen credentials for various attacks, including credential stuffing, phishing, identity theft, and gaining access to 2FA and backups, putting nearly every kind of online identity at risk.
What should you do?
- Scan your system for info stealing malware with a good antivirus product.
- Change your passwords. Use a strong, unique password for every site you use, and consider using a password manager to keep them organized and secure. Start with your Apple, Google, and Meta (Facebook and Instagram) accounts plus any other email, shopping, banking and financial sites. Do not reuse passwords.
- Enable multi-factor authentication (MFA) or 2- factor authentication (2FA). With 2FA enabled, even if a password at a site is compromised, threat actors cannot access the account without your 2FA code. Consider using an authentication app, like Microsoft Authenticator or Google Authenticator to manage your 2FA codes. Do not give out your 2FA codes to strangers.
- Adopt more secure, passwordless authentication methods like passkeys. Passkeys use existing biometrics like your face or fingerprints, digital patterns or PINs to access your accounts. Unfortunately, not all sites use passkeys.
- Beware of phishing scam emails. Verify the email sender by looking at the email address, not just the senderβs name which can be easily spoofed. Donβt click on links or attachments, and donβt call phone numbers listed in the email.
- Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies. A credit freeze will prevent anyone from accessing your credit report or scores. You can still apply for new credit by temporarily lifting the freeze with a 1-3 day credit thaw.
Contact Esser Consulting, LLC at (920) 735-1806 for help.
