Image: FLY:D / Unsplash
An astronomical 26 billion records of leaked, breach, and sold data has been discovered on the web—and it’s likely your information is caught up in the mix.
Discovered by cybersecurity researcher Bob Dyachenko of SecurityDiscovery.com and the team at Cybernews.com, news released Tuesday about this massive collection of users logins and personally identifiable information (PII). The set spans a whopping 12 terabytes (TB) of data, with Cybernews calling it the “mother of all breaches.”
Currently, researchers believe that most of the information comes from known sources—but they also suspect new, unpublished data is very likely part of the compilation. Duplicate data is likely mixed in as well. For comparison, Cybernews’ own data leak checker contains 15 billion records.
With such a large data set now public (and especially one that contains so much sensitive data), existing online security threats could become worse. For starters, increased attempts at identity theft become a possibility. Credential-stuffing attacks could rise, too. That’s where bad actors take known passwords and their associated email addresses, try that combination across the web, and see what accounts they can get into. If you reuse passwords (or use similar passwords), an attacker could end up taking over an extremely vital or sensitive account.
You can check to see if you’ve been caught up in the breached data through services like Have I Been Pwned and Cybernews’s own lookup. However, anyone with a weak, reused, or unchanged password after a leak or a breach is at risk.
What you should do: Use unique, strong, and random passwords for your accounts, especially for vital ones (email, financial, school, etc) and those containing personal information (which can include a surprising number of websites, including online stores). For an extra layer of security, consider using email masks. You can easily change and manage login info using a password manager—while the best paid ones offer features that make life easier, even a good free one boosts online security dramatically. Meanwhile, if someone contacts you asking you to verify your personal details, don’t take them at face value. Independently contact your bank, school, or wherever they claim to represent.
Author: Alaina Yee, Senior Editor
Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering software, PC building, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.
