At the start of the month, more than 3 billion emails and passwords were posted to the dark web in the culmination of a number of different security breaches.
The leak, which is being called the Compilation of Many Breaches, or COMB, saw data taken from companies such as Netflix and LinkedIn. While data breaches are, sadly, an all-too-common occurrence, the scale of the COMB breach is unprecedented.
However, there are steps that you can take to ensure your online security. Here's how to regain your internet safety and mitigate risks in the future.
COMB: What Happened?
Perhaps the first thing to know about COMB is that it isn't technically a new data breach. Instead, it has pulled together stolen information from multiple previous breaches.
However, these breaches include the information of almost 70% of global internet users according to CyberNews.
The combined breaches include the information of almost 70% of global internet users
The COMB database of stolen credentials includes billions of unique email and password pairs — exactly what a hacker would need to get into one of your accounts.
Included in the database are around 200 million Gmail addresses and 450 million Yahoo email addresses.
At present, we don't know how many times the database has been downloaded and whether anyone has done anything with the information found within it. But we'd say to assume that at least someone with nefarious intentions has run through the database with a fine-tooth comb.
How to Tell if Your Data Has Been Leaked
Unless you're an experienced dark web user and can access the database yourself (which we wouldn't do ourselves), the easiest way is to confirm if your own data has been affected is to check data breach aggregator services.
CyberNews has its personal data leak checker, which includes more than 2.5 billion unique emails and some 15 billion breached accounts, plus CyberNews has confirmed is adding all of the data from the COMB breach. Have I Been Pwned is another great database for checking data breaches.
We'd recommend checking both before deciding what to do.
However, it's also worth noting that these services can't tell you whether anyone has been accessed your accounts. But, if they have, you may know anyway, due to unrecognised logins or worse.
How to Protect Yourself from Data Breaches
Sadly, there's no way to give yourself complete protection from a data breach. Your information is held by all of the services and companies you hold accounts with. Ultimately, they're responsible for protecting your information.
With that being said, it's well worth changing your email password at the very least – especially if you re-use the same one on multiple accounts (a terrible, but all-too-common security practice). Changing your password proactively should make it far more difficult for hackers to access services tied to your email account.
It's well worth changing your email password at the very least – especially if you re-use the same one on multiple accounts.
There are a number of steps that you can take to mitigate the risks posed by data breaches.
The most obvious thing you should do is avoid re-using passwords across multiple services. This means that, should there be a big data breach, hackers won't be able to access your accounts using one set of credentials.
However, the chances are that you have a lot of different accounts and it'll be impossible to remember all the different email and password combinations.
Instead, we would strongly recommend getting a password manager.
Find out more – The Best Password Managers for 2021
Password managers safely store all your passwords and automatically fill them in whenever you log into a site or service. Plus, most can generate secure complex passwords for you, too.
Should a service you use be hacked, you can easily change your password for that account.
Our favorite password manager is 1Password. It's delightfully simple to use and, at $36 per year, it's a bargain compared to getting your bank, PayPal, or any other financial accounts compromised.