It’s been a while since I had big data breach news… just kidding… it was 23andMe in October. But this news is wayyy bigger than that.
26,000,000,000 Is a Lot of Zeros
Y’all. This. Is. Big. Cybernews first reported the massive trove and raised the alarm.
Six Reasons This Breach Will Affect YOU
- There are tons of new records
This database of stolen info, like many giant breaches, contains data from previously known breaches, which means that you might already have fixed your vulnerabilities from an earlier issue. But it also has plenty of fresh data.
- The records include sensitive data
The breach has much more than just basic info. Cybernews says, “the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors.”
- Many major sites are affected
Recognize any of these companies? Again, some of this data was already out there, but if you didn’t change your password when the original breach happened, you’re now double hosed.
- This is bigger than anything we’ve seen before
The next-biggest massive data breach had about 12% of what this one contains. People, this is a LOT of data.
- It comes on the heels of another huge breach
About a week ago, Troy Hunt (founder of Have I Been Pwned?) confirmed that he believes a list called Naz.API contains a whopping 25 million credentials that hadn’t been seen before.
- You’re in trouble if you reuse passwords
One of the biggest worries from these massive databases is that now the bad guys have your username/password combos. They use these lists to go around and test other sites. So if you’ve reused your passwords, other accounts might be vulnerable.
What to Do If You’ve Been Breached
- Check to see if your emails and passwords are exposed. The Cybernews link is adding the Mother of All Breaches lists now.
- Change your passwords.
I don’t have to tell you this, but I am telling you anyway. Change your passwords. Update any reused passwords. You know what to do. You just need to make the time to do it.
- Use a password manager.
I’ve had a lot of drama with password managers. I’m still bitter. But I think 1Password is the best.
- Go passwordless with passkeys.
Passkeys let you log in using biometrics (face or fingerprints) and are much more secure. They’re not everywhere yet, but when you see the opportunity, make the switch.
- Enable multi-factor authentication.
I know it’s annoying to have to wait for a code when you log into your bank account, but taking that extra step increases your security big time. That extra quarter second it takes to verify with another device can save you hours and hours of hassle if you get hacked.