A huge collection of email addresses and passwords, which can be used to break into online accounts, has been discovered.
This vast haul of data, known as “Collection #1”, contains 1.16 billion combinations of usernames and passwords and is most likely being used for “credential stuffing” attacks, where hackers run scripts which automatically attempt to break into accounts using a database of matched usernames and passwords. If they don’t break in with one username and password combination, the program moves on to the next, enabling them to try many combinations in a very short space of time.
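Seen from the side of the service being attacked, the pattern described above shows up in login logs as one source trying many different usernames in a short time, with nearly all attempts failing. The following is an added example, not part of the original article: the log format, the thresholds and the function name `find_stuffing_sources` are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2019-01-20T10:00:01 203.0.113.7 alice FAIL
2019-01-20T10:00:02 203.0.113.7 bob FAIL
2019-01-20T10:00:03 203.0.113.7 carol OK
2019-01-20T10:00:04 203.0.113.7 dave FAIL
2019-01-20T10:00:05 203.0.113.7 erin FAIL
2019-01-20T10:00:06 203.0.113.7 frank FAIL
2019-01-20T10:00:07 203.0.113.7 grace FAIL
2019-01-20T10:01:10 198.51.100.20 heidi FAIL
2019-01-20T10:01:20 198.51.100.20 heidi FAIL
2019-01-20T10:01:30 198.51.100.20 heidi OK
2019-01-20T10:02:11 198.51.100.99 ivan OK
2019-01-20T10:02:12 198.51.100.99 judy OK
2019-01-20T10:02:13 198.51.100.99 kim OK
2019-01-20T10:02:14 198.51.100.99 lee OK
2019-01-20T10:02:15 198.51.100.99 mia OK
"""


def find_stuffing_sources(log_text, window=timedelta(seconds=60),
                          min_users=5, min_fail_ratio=0.8):
    """Return {ip: accounts that logged in OK while that ip looked like stuffing}."""
    recent = defaultdict(deque)  # ip -> (time, user, ok) events inside the window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        when, ip, user = datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()
        events = recent[ip]
        events.append((when, user, parts[3] == "OK"))
        while when - events[0][0] > window:
            events.popleft()  # drop attempts older than the window
        users = {u for _, u, _ in events}
        failures = sum(1 for _, _, ok in events if not ok)
        # Many different usernames, almost all failing: one script walking a list,
        # unlike a user retrying one account or a shared office address.
        if len(users) >= min_users and failures / len(events) >= min_fail_ratio:
            flagged.setdefault(ip, set()).update(u for _, u, ok in events if ok)
    return flagged


if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, "looks like credential stuffing; reset:", sorted(accounts))
```

The accounts returned for a flagged source are the ones whose reused password worked, so they are the ones to lock and reset first.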
You can check if your details are likely to be on the list by entering your email address on HaveIBeenPwned. It won’t tell you what password the breached data may have had alongside your email address (there are very good reasons for this) or if exposed passwords are ones that you used years ago.
In short, follow best practices and don’t ever reuse passwords!
This sounds like a lot of hassle, but good password management applications are available which don’t just store your passwords securely; they also check whether you have reused the same password on different sites.
If your details have been breached, then here’s our advice:
- Get a password manager and start using it
- Make sure that you are using different passwords for all of your accounts
- When you need to think up a new password, get your password manager to do it for you
- Ensure that as many of your online accounts as possible are enabled for two-factor authentication (2FA)