Skip to Content
Security & privacy

Check your accounts! Crooks might have your passwords after this massive data breach

It’s being called the “mother of all data breaches,” because it affects nearly three-quarters of a billion email accounts, more than 20 million passwords and about 2,000 leaked databases.

And you know what that means. Criminals are hard at work finding ways to rip you off.

That’s why it’s critical to know when a massive data breach happens, so you can take action. Well, we’ve just learned about a breach impacting hundreds of millions of email addresses, and yours could be one of them.

Millions of emails and passwords exposed

Security researcher Troy Hunt just posted a dire warning about a massive data breach file titled “Collection #1.” He said he was tipped off last week by multiple people about a huge collection of files on a popular cloud service called MEGA. (Note: The list has since been removed from the site.)

After checking into it, Hunt was able to verify that nearly 773 million unique email addresses were exposed on the list of files. Plus, there were over 21 million unique passwords exposed.

Now this isn’t a new breach of one specific website. This file is a collection of stolen credentials from a bunch of other data breaches dating back to 2008. Files like this are used for “credential stuffing.” That’s when criminals use automated programs to test stolen credentials on other sites to fraudulently gain access.

Even though this isn’t a “new” breach, we still need to take steps to make sure our online accounts are safe. This is especially true if you’ve ever used the same password on multiple websites, which is more common than you would imagine.

There is a way for you to find out if your email address or password has been breached. Hunt created the website “Have I Been Pwned” years ago, and you can enter your email address and it’ll tell you if it’s been part of a data breach.

He added another feature on the site a while back that lets you find out if your password has been breached. Tap or click here to find out. Just enter any password you are wondering about and hit the pwned? button.

If it’s been breached, you’ll see a result that looks like this:

(Image source: haveIbeenpwned)

What can you do after a major data breach?

Whenever a huge data breach occurs, there are security steps that we should all take. Here are some suggestions.

Change your passwords

Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites, which is a bad idea by the way. That’s because if your credentials for one site are stolen from a breach, criminals can test them on other sites to log into those accounts as well. It’s called “credential stuffing.”

Another mistake people make is creating passwords that are too easy for hackers to crack. Read this article to help you create hack-proof passwords.

Keep an eye on your bank accounts 

You should already be frequently checking your bank statements, looking for suspicious activity. It’s even more critical when there is a massive data breach. Thieves could have stolen enough information to break into your financial accounts.

If you see any suspicious activity, report it immediately to your bank. They will be able to look into the transactions and determine if they’re fraudulent.

Set up two-factor authentication 

Always setup two-factor authentication (2FA) on your accounts when it’s available. It means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.

With 2FA enabled, a thief will need more than just a stolen password to break into your accounts. Click here to learn how to set up two-factor authentication.

Beware of phishing scams 

Scammers will try and piggyback on data breaches like this. They will create phishing emails, hoping to get victims to click on malicious links that could lead to more problems.

That’s why you should familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.

Get a free annual credit report

Under federal law, you are entitled to a free copy of your credit report every year from the three major credit reporting agencies, Experian, Equifax and TransUnion. It’s a good idea to check your credit report following data breaches to make sure everything is on the up-and-up. Click here to learn how to get a copy of your free annual credit report.

Bonus: Can the government protect your online privacy?

Whether it’s a data leak or a data breach, it seems that your private information is getting passed around every day.

In this episode of Komando on Demand, guest host and renowned attorney Steven Teppler talks to retired FBI special agent Lawrence Wolfenden, now a cybersecurity and privacy expert, about his experiences with electronic privacy issues during his career as well as what the government can and can’t do when it comes to protecting our privacy.


Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started