Compromised? Here are a few tips to create a stronger password

  • As many as 26 billion records believed to be from a multitude of breaches were discovered online.
  • The sheer amount of data exposed means that it is vital for internet users to check whether they have been compromised and update their passwords.
  • A password manager and a bit of creativity can help you secure your credentials online.

This week saw the so-called “Mother of all Breaches”, or MOAB, grab the interest of cybersecurity professionals and experts.

A team at Cybernews working together with cybersecurity researcher Bob Dyachenko uncovered a massive repository of records that contains data obtained from other breaches and, most likely, newly compromised data as well. MOAB is said to contain as many as 26 billion records.

We highly recommend you visit Cybernews’ Data Leak Checker to see if any accounts associated with your email address are compromised. One email address we own was found in as many as 24 leaked or breached databases.

With that information in mind, we’ve spent the better part of the last day changing passwords on any platforms that used a password associated with that email address.

This was made easier thanks to our use of a password manager. We make use of LastPass but there are multiple products you can use.

While a free password manager is better than none, we recommend you spend some money on a subscription. LastPass, for instance, locks logins on different platforms behind its premium tier. Many cybersecurity solutions also include a password manager, so check whether your solution has a password manager you didn’t know about.

Using our password manager, we were able to simply search for the compromised email address and begin updating our potentially compromised credentials.

Ideally, a password should be as long and complex as possible. Something with upper-case and lower-case letters, numbers and special characters is preferred and, if the platform allows it, throw a space or two in for good measure. Something like ^%SxfcSQQ@5e$L!2 is great but it’s tough to remember. While a manager solves the problem of remembering these complex passwords, you still need to set a very strong master password.

For passwords that we need to remember off-hand, we like to use a combination of the long and complex password outlined above and xkcd’s “correcthorsebatterystaple” example. While tough to learn at first, eventually it will be easy to recite but tough for a criminal to crack.

Many experts also recommend changing your passwords frequently so as to avoid compromise in instances where breaches aren’t public knowledge. For additional security, always make sure to use multi-factor authentication where available. Having an additional prompt that confirms your login could stop a cybercriminal in their tracks.

Now might also be a good time to audit the profiles you have online. Over the years we can unknowingly accumulate a host of profiles on myriad websites. Take some time to check where you have accounts and delete your profile if you’re sure you’re not going to access that platform again.

Avoid common number combinations or plain words as you might find them in the dictionary. Things like “password”, “password123”, “qwerty123456” or even “2580” should be avoided or changed quickly if they are being used.
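The hybrid approach described earlier (random words combined with digits and special characters) and a check against the weak examples just listed can be sketched as follows. This is an added example, not code from the article: the function names are illustrative, the word list is a constructed 16-word sample, and 7776 is an assumed size for a large word list.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only; a real generator needs a
# list of several thousand words so each word contributes enough entropy.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "copper", "lantern",
                "orbit", "velvet", "thunder", "pickle", "harbor", "mosaic",
                "walnut", "glacier", "tunnel", "saffron"]
SEPARATORS = string.digits + string.punctuation  # 10 + 32 = 42 symbols
# Weak examples named in the article.
KNOWN_WEAK = {"password", "password123", "qwerty123456", "2580"}


def is_weak(candidate: str) -> bool:
    """Minimal check: the article's weak examples, short or single-class strings."""
    lowered = candidate.lower()
    if lowered in KNOWN_WEAK or len(candidate) < 12:
        return True
    return candidate.isdigit() or candidate.isalpha()


def hybrid_passphrase(words=SAMPLE_WORDS, n_words=4):
    """Random words, each randomly capitalised, joined by random separators."""
    parts = []
    for i in range(n_words):
        word = secrets.choice(words)  # CSPRNG, not the random module
        parts.append(word.capitalize() if secrets.randbelow(2) else word)
        if i < n_words - 1:
            parts.append(secrets.choice(SEPARATORS))
    return "".join(parts)


def hybrid_entropy_bits(wordlist_size, n_words=4):
    """Entropy of the scheme: word choice, capitalisation bit, separators."""
    per_word = math.log2(wordlist_size) + 1
    return n_words * per_word + (n_words - 1) * math.log2(len(SEPARATORS))


def random_password_entropy_bits(length=16, alphabet_size=94):
    """Entropy of a uniformly random password over printable ASCII (no space)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(hybrid_passphrase())
    print(round(hybrid_entropy_bits(7776), 1))  # assumed large word list
    print(round(random_password_entropy_bits(), 1))
```

The entropy figures describe the generation scheme, not any single output, which is why the size of the word list matters more than how complicated one passphrase looks.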

The sheer number of records in the MOAB database should be a warning to everybody that any data is worth stealing. Cybercriminals sell this data to others who use it to run phishing, ransomware, or other cybercrime campaigns.

With MOAB containing so many records, it’s worth spending your day both checking whether any of your email addresses are compromised and updating your passwords.

[Image – NFT gallery on Unsplash]

