Matsco Security Advisory (Breach Alert)

In Cyber Security, Financial Services Technology by Amaya Swanson

Late last week, a massive data breach of 773 million email addresses and 21 million passwords was uncovered. These numbers are the net results after Troy Hunt — the security researcher who runs the website Have I Been Pwned — removed duplicates from the data found on MEGA, a cloud service. Hunt was the first to report the breach and noted that the data included “dehashed” passwords, meaning the passwords have been fully exposed. Even worse, exposed email addresses and dehashed passwords lend themselves to credential stuffing, which is the practice of trying the compromised credentials on various sites to see where else they work. Credential stuffing succeeds because many people reuse the same passwords with their email addresses across multiple sites. The breach has been called “Collection #1”.

Now what?

First, visit Have I Been Pwned (HIBP) to check if your email address(es) have been hacked, and then check if your various passwords have been compromised. (Side note: HIBP is legit, everything is anonymous, and no data is stored from inputs: you can read more about it here.)

When I checked my accounts and passwords, I found that my email addresses had all been compromised (annoying, but predictable), my banking passwords were safe (thank goodness!), social media were untouched (yay!), but one of the passwords I (shamefully) use across a lot of platforms had been compromised 27 (!!!) times. My afternoon was spent setting up a password manager for my personal credentials, and fanatically — and sheepishly — changing my passwords.

Before you change your passwords, be sure to visit our post on the best practices for passwords, and then create safe, unique passwords. When there is an option, turn on two-factor authentication.
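
The password check described above can also be scripted against HIBP's Pwned Passwords range endpoint, which receives only the first five characters of the password's SHA-1 hash and leaves the matching to your own machine. The sketch below is an added example, not code from this post or from HIBP; the function names are illustrative, and the offline run uses a constructed response with made-up counts.

```python
import hashlib
from urllib.request import Request, urlopen

# Pwned Passwords range endpoint (k-anonymity lookup by SHA-1 prefix).
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password):
    """Uppercase SHA-1 hex digest split into the 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Live lookup: only the 5-character prefix leaves the machine."""
    req = Request(RANGE_URL.format(prefix=prefix),
                  headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(suffix, range_body):
    """Match the suffix locally against 'SUFFIX:COUNT' lines; 0 means not found."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def check(password, fetch=fetch_range):
    """Number of times the password appears in the breach corpus."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch(prefix))

def sample_range_body(password, count):
    """Constructed stand-in for a range response (counts are made up)."""
    _, suffix = split_hash(password)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":1"]  # constructed filler entries
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])

if __name__ == "__main__":
    # Offline demo: every lookup is answered with the constructed body.
    offline = lambda prefix: sample_range_body("password", 12)
    for pw in ("password", "correct horse battery staple"):
        hits = check(pw, fetch=offline)
        print(f"{pw!r}: {'found ' + str(hits) + ' times' if hits else 'not found'}")
```

Calling `check(pw)` without the `fetch` argument performs the live lookup; any non-zero result means the password should be retired everywhere it is used.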

You can read more about the breach on Forbes, MalwareBytes, Wired, and the Independent.
