31 Aug 2017
Huge list of emails and passwords exposed
Troy Hunt has received a huge collection of over 700 million email addresses that’s used by spammers to clog up our inboxes and spread malware. He also received email addresses and passwords, over 35 million of them, that allow spammers to send their spam.
All these addresses are a key way malware is spread. For a spam campaign to be profitable, only a small fraction of the people behind those 700 million addresses need to click a link, get infected and then become part of a botnet or the victim of a cryptolocker.
What to do?
Get a password manager
Use your password manager
Generate a unique password for each site using your password manager. The only way to protect your identity and online accounts is to use unique passwords everywhere.
If that’s too difficult – it is for a lot of my customers – use a physical password book: while updating your passwords online, write down a unique password for each account and store the book somewhere safe.
Enable Multi-Step Verification
Also known as Two-Factor Authentication, it helps keep the bad guys out by adding another layer of protection.
Google prompt and Authenticator apps are good examples of Two-Step Verification.
Warning: Motivated bad guys can easily call up your telco to circumvent SMS or phone call verification.
Check have i been pwned
Visit Troy Hunt’s site Have i been pwned?
If you got pwned, review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords. Make sure you’re signed into your password manager so it captures the updated passwords.
If no pwnage, subscribe to get notified when future pwnage occurs and your account is compromised.
Upgrade your email service
For professionals and businesses, switch to G Suite.
Want to get daily tech news straight to your inbox with an Aussie slant? This article’s opening paragraph was copied from The Sizzle newsletter.