We are constantly warning you about the latest digital threats. Just this week we told you about a massive credit card breach at a U.S. retail giant.
It's a never-ending battle to keep our sensitive data out of the hands of cybercriminals. Now, hundreds of millions of credentials have been exposed online for anyone to see.
Why your credentials are at serious risk
Researchers at Kromtech Security Center have discovered an exposed database that contains over 560 million login credentials. The leaked info includes email addresses and passwords that were stolen from several popular websites such as LinkedIn, DropBox and Tumblr, among others. More than 243 million of the leaked email addresses are unique.
It doesn't appear to be a new data breach. Instead, the database is a collection of stolen credentials from past breaches, some of which occurred years ago. Which means, if your credentials were stolen in any of these breaches and you didn't change your passwords, you are at serious risk of being targeted by cybercriminals.
Whenever you hear of a massive data breach, it's critical that you change your passwords. You also need to take the following security steps.
What you must do after a data breach
- See if you've been hacked - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.