It’s been reported that billions of exposed records have been discovered online, in a compilation of multiple data breaches containing sensitive data. Although it’s been stated that the records in many cases are likely historic and have been compiled from previous breaches or leaks, the inclusion of usernames and passwords is a cause for concern, and individuals should take steps to protect their accounts.
How do you know if your account is compromised?
Given the scale of this breach, it’s highly likely that some of your data is included. However, if you want to find out whether your data has been exposed online, you can use a free tool such as the one from Malwarebytes to see if your email address has been part of a data breach.
What should you do to protect your account if it’s been compromised?
If you find that your account has been compromised, or if you suspect it may have been involved, change your password immediately, including on any other accounts where you may have used the same password. In addition, we strongly recommend enabling multi-factor authentication on all accounts, which will require a secondary form of authentication in addition to your password to log in.
Is there anything else to be aware of if my data has been breached?
Some of the data included in the database is sensitive information, which may be used in other ways by cyber criminals. Be extra vigilant towards phishing emails; if in any doubt, do not click on any links you receive in emails or text messages. Criminals may use the event itself to coerce users into giving away their credentials by posing as legitimate entities, with fake information about your data being exposed in the breach.
What can you do to protect your accounts?
Use unique passwords for all accounts to ensure that in the case of a breach, the attackers cannot gain access to other accounts using the same credentials.
Use a password manager to store all your passwords securely in an encrypted database, protected by a master password. Using a password manager eliminates the need to remember login credentials and removes the need to re-use passwords.
Use a strong password. We recommend it should be at least 18 characters long; however, this number increases each year. Ideally, the password should be a randomly generated mixture of lower case, upper case, numbers and special characters. Alternatively, the NCSC recommend using three random words to ensure your password is long and unique, but still easy to remember.
Use multi-factor authentication on all accounts as an added layer of security, usually in the form of a one-time password that you must enter in addition to your ordinary password.
How we can help
As an IT services provider, we implement multi-factor authentication and support organisations when setting it up, and can offer general advice around password security. Contact us if you have any questions.