“Collection #1”. You’ll be hearing about it over the weekend as a “catastrophic data breach.” It is not a single breach, though: it is a massive collection of at least a few hundred separate data breaches, cleaned up and stored unencrypted.
As of right now, it consists of 41GB of plain text files, broken down by the first and second letter of 700+ million email addresses, each paired with a plaintext password.
It’s important to note that many of these entries may list your email address, but the password next to it is not necessarily your email account’s password. Instead, it is a password you used for some other online account that was _also_ registered with that email. There are a LOT of duplicates, each with password variations.
What this means for you:
– Create unique passwords for every website/service you use, particularly if you have a credit card on file.
– Change your passwords this weekend. Responsible sites will force you to by next week anyway.
– Use a password manager to help you keep track of the different accounts. They are free. Use them.
– Using a single email account is fine, but you MUST have different passwords and NEVER use your email account’s password on a different site/service.
– Shared household or family passwords are a TERRIBLE idea. If you use one in one place, you’ve effectively used it everywhere, and now it’s known: from your internet provider to Target to Amazon to Kohl’s. Just don’t repeat passwords.
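The reuse and “variation” problem above is easy to audit yourself. The following is an added example, not code from the original post: it scans a password-manager export (assumed here to be a list of site, login, password tuples; the entries are constructed) and reports exact reuse, near-variant families such as a shared word with a rotated year, and any site that shares your email account’s password. The assumption that the email provider’s hostname contains “mail” is mine.

```python
import re
from collections import defaultdict

# Constructed sample of a password-manager export: (site, login, password).
# These are made-up entries for illustration, not real credentials.
SAMPLE_EXPORT = [
    ("mail.example.com", "alice@example.com", "Correct-Horse-42"),
    ("shop.example.net", "alice@example.com", "Summer2018!"),
    ("forum.example.org", "alice@example.com", "Summer2019!"),
    ("bank.example.com", "alice@example.com", "Correct-Horse-42"),
    ("news.example.com", "alice@example.com", "Tr0ub4dor&3"),
]

def is_email_account(site: str) -> bool:
    # Assumption: the mail provider is the entry whose hostname contains "mail".
    return "mail" in site.lower()

def variant_key(password: str) -> str:
    """Collapse the usual rotation tricks (trailing year/counter/symbol, case,
    leet substitutions) so Summer2018! and Summer2019! fall into one family."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)          # drop trailing digits/punctuation
    return p.translate(str.maketrans("01345@$", "oleasas"))

def audit(export):
    """Return (exact reuse, variant families, sites sharing the email password)."""
    exact = defaultdict(list)      # password -> sites using it verbatim
    family = defaultdict(list)     # variant key -> (site, password) members
    email_pw = set()
    for site, _login, password in export:
        exact[password].append(site)
        family[variant_key(password)].append((site, password))
        if is_email_account(site):
            email_pw.add(password)
    reused = {pw: sites for pw, sites in exact.items() if len(sites) > 1}
    variants = {key: [s for s, _ in members] for key, members in family.items()
                if len({p for _, p in members}) > 1}   # same root, different pw
    email_reuse = sorted(site for site, _, pw in export
                         if pw in email_pw and not is_email_account(site))
    return reused, variants, email_reuse

if __name__ == "__main__":
    reused, variants, email_reuse = audit(SAMPLE_EXPORT)
    for pw, sites in reused.items():
        print(f"exact reuse across {len(sites)} sites: {', '.join(sites)}")
    for key, sites in variants.items():
        print(f"variant family '{key}': {', '.join(sites)}")
    for site in email_reuse:
        print(f"EMAIL PASSWORD REUSED at {site}: change it first")
```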
If you’d like to see whether your account was listed, “have I been hacked” sites will be popping up over the weekend. DO NOT submit any known passwords to those sites. A legitimate lookup should ask only for an email address and then confirm or deny that the address appears in the collection. It should never return a password or, worse, charge you to view one. Don’t pay anyone for access to this data; it’s already in the wild for free.
Feel free to contact me directly (outside of replies) if you have any immediate or pressing concerns.