Data breaches are seemingly commonplace these days and something we need to always be prepared for. Yahoo has had serious problems with them over the last year, with over 1 billion customer accounts exposed.
Now, a massive data breach has been discovered, exposing hundreds of millions of email addresses and passwords.
Has your personal information been breached?
A researcher, who goes by the name Benkow, recently discovered an unsecured server exposing email addresses and passwords. The data breach is massive, containing over 711 million unique email addresses.
Spammers are using the stolen credentials in a large-scale malware operation. The "Onliner spambot" spreads a banking Trojan dubbed Ursnif.
What's happening is, victims are receiving spam emails with normal-looking attachments. When the attachment is opened, your gadget is infected with malware. If your gadget is infected with the Ursnif malware, scammers can steal your usernames and passwords to online accounts as well as sensitive credit card information.
Email filters are more sophisticated and better at filtering spam these days. That's why cybercriminals have started using spambots, which help bypass those filters.
Benkow said, "To send spam, the attacker needs a huge list of SMTP credentials. The more SMTP servers he can find, the more he can distribute the campaign."
Keep reading to learn about safety steps you must take immediately.
1. Check to see if your email address is in the breach
This is the most important thing you will do today and it will only take a few seconds of your time. You need to find out if your credentials are part of this data breach.
If so, it's critical that you change your passwords immediately. The best way to find out if you're impacted is with the Have I Been Pwned website.
It's an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest breaches. You can even set up alerts to be notified if your email address is impacted in the future.
2. Change your password
Whenever you hear news of a data breach, you need to change your account passwords. This is a good idea even if your email isn't on the list of stolen credentials. It will ensure that your accounts are safe moving forward. Read this article to help you create hack-proof passwords.
3. Manage passwords
You might not know this but many people use the same username and password on multiple sites. Are you one of them? That's a terrible idea and you must change it ASAP!
If you're using the same credentials on multiple sites and there's a breach on just one of them, all of your accounts are at risk. Change your credentials for each site to make them unique. If you have too many accounts to remember, you could always use a password manager.
4. Set up two-factor authentication
Setting up two-factor authentication on your accounts will provide an extra layer of security. Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
5. Beware of phishing scams
You really need to watch for scams after a massive data breach like this. Cybercriminals will try and piggyback on this breach with phishing attacks.
They will create fraudulent emails, pretending to deal with the breach, hoping to get victims to click on malicious links that will lead to more problems. The best way to avoid these attacks is to familiarize yourself with what phishing emails look like. Take our phishing IQ test to see if you can spot a fake email.
6. Keep an eye on your bank accounts
You should already be frequently checking your bank statements, watching for suspicious activity. It's even more critical when pertinent information has been exposed through a data breach. If you see anything that seems strange, report it immediately. It's the best way to keep your financial accounts safe.
7. Close unused accounts
If you're like me, you visit several different websites daily. Many of these sites require you to create an account before you can use its services. Sites like Amazon and eBay not only need your email address for correspondence, but also your physical address so items you purchase can be shipped to you.
The problem is, there are many sites that you used to visit all the time but not so much anymore. Who can remember Myspace? Exactly.
It's extremely important to delete all of your unused accounts. That way, if a site you no longer visit has a data breach your information will be safe.
However, you might find that some sites make it difficult to remove your account. Don't worry, we've found a solution for you. Click here to learn about a site that helps manage all of your online accounts at once and easily delete the ones you no longer use.
Follow these safety procedures and you'll be fine. Be sure and share this article with your friends and family to keep them protected as well.