“The Mother of All Breaches”
“Biggest EVER collection of breached data”
“An astonishing 773 million records exposed”
“Ooh, this is a big one.”
Do any of these headlines get your attention? The site HaveIBeenPwnd discovered a cache of emails and passwords called “Collection #1.” The data included records from previous hacks as well as millions of data points that had not previously been known.
Did you note the name? “Collection #1.” Experts think that other data caches for sale on the dark web are fresher and newer and even bigger.

Even though Collection #1 apparently contains data stolen 2-3+ years ago, I would bet a million cupcakes that many of you are still using username/password combos on multiple sites, and that you haven’t changed them in quite some time.
So you should be concerned.
I’m not personally worried about this breach. Why? Because I’m diligent about creating unique, unguessable password for every single place I register.
Every. Single. Site.
Many of you have heard me speak and are planning to start using LastPass (my favorite) or 1Password or Dashlane or any of the high-quality (yet low-cost) password managers that are out there. But have you done it? And have you cleaned up your old ones?
It’s time. It’s past time. Do it this weekend!
Hi Beth,
Thanks for all the useful info and keep up the great work!
I had a question about the use of LastPass or similar as it relates to the email breach. Even if you have unguessable passwords, does it really matter in this case if the breach contained both the email and the password? Wouldn’t you have to change the password anyway no matter how unique it is if the info was breached?
Sorry for my lack of understanding.