Hot on the heels of the release of 773 million users’ details in Collection #1 comes Collection #2 to #5 with 2.2 billion unique users’ details.
GadgetGuy reported on Collection #1 on 18 January and the advice to check if you have been Pwned is more important than ever. Collection #2 to #5 has 2.2 billion users’ details from breaches including Yahoo, LinkedIn and Dropbox, and other sources. It is 845GB in size!
I put my private email address into a new search site hosted by the Hasso-Plattner-Institut and within seconds received an email with good and bad news. Yes, my email address and then passwords had been exposed but personal data had not. In many respects that is because I have also been very careful with exposing data to anyone. HPI state that 8,165,169,702 user accounts have been Pwned!
Passwords are gold – check them
Next check your commonly used passwords here. That is how I found which passwords hackers had access to. Change
The release of Collection #2 to #5 is both good and bad news.
The good is that it has drawn attention to the issue and every reader should act now by checking their email addresses/passwords and change
The bad is that, as Kaspersky has predicted, the new threat comes from newer, inexperienced and ‘hungry’ cybercriminals in South-east Asia. This list is gold to them, and you can bet it will be fed into their massive automated spear phishing operations and user profiles as you read this!
That means more dangerous spear phishing, more poorly spelt emails and more breaches. It also means these new cybercriminals will start attacking social media and other common accounts.
And the worry is that, if the ‘professional’ cybercriminals can dump 2.2 billion ‘used’ names, they still have more breaches they are using.
Collection #2 to #5 makes privacy and security a pipe dream
You may recall that I wrote about the Starwood data breach on 4 December. Having spent much of my life in the meetings industry and as a foundation member of the Sheraton Asia Pacific Advisory Board I spent much time in said Starwood properties.
About that time I started getting junk emails from my email address! That meant a hacker had managed to compromise an old webmail account. And I started getting invalid password messages on all manner of accounts from Airbnb to Woolworths and everything in between.
The problem is that I had used a single generic password for non-critical accounts and the hacker had accessed many of these and changed them. I spent much of Christmas leave changing over 30 accounts’ passwords. Some accounts were very hard to change because no sooner had I changed the password than the hacker would change it again.
The point is simply this.
I am careful with data I expose to the internet. I don’t have a Facebook account (and never will trust this deceitful company) and limit other logins to
Joe and Jane Average don’t have the skills I do (and I have been Pwned) so the warning to all readers is to take action now.
Change all passwords, email or otherwise on a
Never re-use passwords or use the same ‘root’
Use a combination of uppercase and lowercase letters, symbols, and numbers
Monitor your financial accounts and report any