The internet is experiencing yet another gut wrenching “oh shit” moment after it was revealed yesterday that 560 million login credentials to various popular websites have been compromised. The trove of email addresses and passwords to reportedly 10 sites including Linkedin, MySpace, Tumblr, Adobe and DropBox, have all been stored on an insecure database and were discovered during a routine security audit carried out by Kromtech Security Center.
The major takeaway here, despite the climate of hacks, nefarious scams and ransomware attacks running amok in cyberspace, is to secure your online accounts. The identity of the person responsible for the database is still unknown. Among the spoils of the massive breach are 243.6 million unique email addresses -- meaning that yes, there’s a good chance you might be at risk.
While the discovery of the database is new, the actual hack itself isn’t. The crux of the stolen information was extracted during previous attacks, some of which took place years ago, according to Kromtech researcher Bob Diachenko. Linkedin, Tumblr, Dropbox and others have all been the victims of large hacks in recent years, with millions of logins compromised. Again, this a timely reminder to update your passwords, which are sometimes painfully easy to ascertain using simple guesswork. It’s always worthwhile to enable two-step verification on your email account, too.
According to a report in Gizmodo, the database was confirmed by internet security researcher Troy Hunt, whose “Have I Been Pwned” tool verifies whether or not your login credentials has been hoovered up in a data breach. Hunt’s website conveniently tells you which one of your accounts has been hacked, so you can at least try to salvage some kind of privacy by changing your information.