Account information including user names and passwords stolen in 250 separate data breaches have been aggregated by cyber criminals and stored in a searchable online database of more than 1.4 billion records.
While this isn’t the first time cyber criminals have pulled together information from separate data breaches, it is by far the largest known database of stolen user records stored in one place in a format that is easily searchable.
You may not feel at threat, but if your information is among the 1.4 billion records (I know mine is), then there is a chance you will be targeted in the future by cybercriminals based on previous behaviour. For example, if your data is caught up in data breaches three years apart and you change your password from HawksPremiers2013 to HawksPremiers2014 to HawksPremiers2015, you will most certainly be an easy target.
To check if one of your online accounts has been hacked, visit free web security site haveibeenpwned.com.
The concern security experts have with a database of this size is the implications for targeted hacking. Humans rarely change their habits, so a password from an old database hack in 2014 combined with current social media posts can point hackers in the right direction to guess the updated password.
The new year is the perfect time to review and address any security flaws in your passwords used online. Always start by making your email address the hardest password to crack and ensure you never use it for any other website, as hackers can easily reset passwords to websites when they gain access to your email address.
Do you have a growing concern with the lack of security offered by through password-only verification? Companies such as Google have started two-step verification processes through phone verification. Do you believe this should become best practice for websites that use your credit card information?