On February 2, 2021, it was reported that the COMB was leaked on a popular hacking forum. This is quite possibly the largest data leak in history, as it contains 3.2 Billion unique pairs of emails and passwords. To put it in perspective, the entire population on the planet is 7.8 Billion people. That means this breach is roughly 40% of the population. The good news is this is NOT a new breach, but merely a compilation of multiple breaches over the last few years. Sources appear to be Netflix, Linkedin, Exploit.in, Bitcoin and a few others. While this means potentially no new information has been leaked, it does not mean you can brush news like this to the side. Anytime data is leaked, it provides hackers the ability to cobble together a larger picture of your online profile, making it easier to steal more data from you in the future.
How do I find out if my data has been breached?
With 3.2 billion unique pairs breached, there is a good likelihood that it has. Luckily there are many cybersecurity organizations that troll the darkweb looking for repositories like this and enable you to search to see what information is out there. Cybernews.com hosts an email tracker that allows you to quickly see if your email address was compromised. Additionally, your cybersecurity services team can help do a quick check of your information also.
My Data is exposed! What should I do now?
First take a deep breath, much like any other data breach, while your information is out there, it does not necessarily mean it is being utilized. You still need to take steps to protect yourself and ensure that the information that has been leaked cannot be utilized. Because people utilize the same login information across a host of different websites and institutions, if that is you, then hacked data in one location can be used at another and in some cases a more sensitive location, like your bank. Follow these tips to make sure no further damage can be done:
- First Things First- Update your passwords!
By updating your passwords on a regular basis, malicious individuals only have a small window of time to utilize the breached information. As we have mentioned in previous blogs, passwords should be changed regularly, be unique and contain different characters, numbers, and symbols. Also, the longer the password, the better. While keeping track of many passwords may seem difficult, installing and using a password manager is helpful in tracking maintaining and securing passwords.
- Utilize MFA (Multifactor Authentication)
Much like maintaining proper password hygiene, using a second authentication step helps reduce the ability of hackers to use just a password and email address. MFA solutions require you to enter a one-time use code each time you attempt to log in to a website. We always recommend turning these items on with banking or other sensitive data institutions to add on an additional layer of security. Much like changing your password, even if that information does get out, hackers are unable to bypass the second layer as easily.
How can Summit Help?
A breach of this magnitude may be directed at individuals rather than organizations. As a business owner, you still should take notice. Protecting sensitive company information in the off chance that an employee has been affected is paramount for you to maintain business continuity. Our Security Consulting Team can help you secure your network and provide additional tools and resources that make it harder for malicious attacks to cause any damage. Give us a call today if you are interested in learning about our security services or our CSF assessments.