Although misinformation abounds, here are some truths about the Collection 1 data breach
On January 17, news broke about one of the biggest data breaches in history: 772 million unique email addresses and 21 million unique passwords were leaked online. Dubbed “Collection 1” by security researcher Troy Hunt, who first discovered and reported the breach, the files were uploaded to a popular cloud service called MEGA and were up for grabs to anyone with an internet connection. They have since been removed from the site.
What Should I Do to Protect Myself?
First, take a deep breath. It’s always important to protect your identity, but there are concrete steps you can take to mitigate harm in a situation like this one.
- Check Whether Your Data Has Been Compromised
Hunt offers a free service to find out whether your personal data was part of a breach. You can check whether your email address has been compromised at Have I Been Pwned, while you can see whether your passwords have been exposed at Pwned Passwords. If your information appears in either of these databases, it’s important that you change your passwords immediately.
- Create Unique Passwords for Every Login
Even if your data has not been exposed, the most important thing you can do to protect yourself is to ensure that you never reuse passwords across multiple sites and logins. It may be tempting to recycle passwords for convenience, but it makes identity theft a lot easier for hackers.
“People take lists like these that contain our email addresses and passwords [and] attempt to see where else they work,” says Hunt. “The real risk posed by incidents like this is password reuse, and you need to avoid that to the fullest extent possible.”
- Use a Password Manager
It’s tough to come up with a unique password for each site when, in this day and age, you likely have dozens, if not hundreds, of accounts to manage. That’s why a password manager like LastPass or 1Password is indispensable. These services create secure, hard-to-crack passwords for each of your logins and store them within a secure vault. You only need to remember one master password to access them.
If you can’t use a password manager, go old school all the way—write them down in a notebook.
It might be contrary to traditional thinking, but writing unique passwords down in a book and keeping them inside your physically locked house is a lot better than reusing the same one all over the web.
- Enable Two-Factor Authentication
To truly safeguard your accounts, two-factor authentication is a must. This security feature requires a unique code sent via a text message, call or email to log into your account after entering your password. That way, even if someone obtains your password, they can’t log into your account without the code.
Most accounts today require you to actively enable two-factor authentication. Make sure you do it at least for your most important account—your email address. If a thief can access your email address and password, they are likely able to access all your other accounts and change passwords. Enable two-factor authentication on your financial services accounts, as well.
- Watch out for Phishing Scams
Even though some of the data in the Collection 1 breach is stale, identity thieves may be tempted to use it to coax people out of other information through phishing scams. That’s when fraudsters use information about you, such as your name or email address, to get you to divulge other personal data through email or text, or install malware onto your phone or computer. Never click on links in email or text asking you to divulge personal information.