A collection of almost 2.2 billion stolen emails and passwords has surfaced online. It's a truly mind-boggling cache of private data that has only gotten larger since it was first reported.
It's likely an aggregation of data from multiple huge breaches over the course of years, and might include data stolen from LinkedIn, Dropbox, and Yahoo.
Could you personally be affected? Odds are pretty high that you were. Here's more on what exactly happened and what you can do about it.
Record Data Leak of Passwords and Email Addresses
Researcher Troy Hunt first reported the data cache on January 17, writing that it constituted “1,160,253,228 unique combinations of email addresses and passwords and 21,222,975 unique passwords” in total.
Now, researchers from Germany’s Hasso Plattner Institute have uncovered four more collections of stolen user data. Already one of the largest data breaches ever, the list of 2.2 billion users' data is over three times larger than previously thought.
Consumer Reports explains what makes this record-setting data cache so dangerous, citing Emily Wilson, vice-president of research for the cybersecurity firm Terbium: “It’s the ‘enormous’ size of the data set and the fact that it’s packaged in a full-service list that makes this latest security threat noteworthy.”
Ironically, the size of the data set also makes this cache useful to data scientists trying to study common patterns in how people pick their passwords.
Was Your Account Affected?
You can check your own password security through two different online services: Have I Been Pwned? and Identity Leak Checker, both of which will check your email address against known databases of leaked data. If your email turns up, you'll want to not only change that email's password, but also change your password on any important sites that you might have reused it on.
Need a list of the best password practices to remember?
- Longer is better
- Mix uppercase and lowercase letters with special characters
- Use two-factor authentication when possible
- Delete your old accounts — long-forgotten profiles on Flickr or Tumblr can come back to bite you
- Change your passwords regularly
Could A Password Manager Help?
If you're making your passwords more complex and changing them often on top of that, you're not going to be able to keep them all in your head. Password reuse, a huge issue at the core of modern data security, runs rampant mostly because we're all too lazy to keep passwords in our heads.
Enter the password manager, a sort of searchable, digital notebook that can deliver the password you need for the account you need to access at any given moment. Here, we've thrown together a quick comparison table that takes a look at the top password managers out there.
Granted, it won't keep your email off the list of a staggering 2.2 billion that are already out there (seriously, that's almost as many people as are on Facebook: you're probably on it). But data security is only getting more important every year, and a password manager is the pro-approved solution to keeping you secure in the future.
| Local Storage Option | ✓ | ✓ | x | ✓ |
| Password Generator Function | ✓ | ✓ | ✓ | ✓ |
| Live Chat Support | x | ✓ | x | x |
| Ease of Setup | ★★★★★ | ★★★★★ | ★★★★★ | ★★★★★ |
| Help & Support | ★★★☆☆ | ★★★★☆ | ★★★☆☆ | ★★★☆☆ |
| Value for Money | ★★★★★ | ★★★★☆ | ★★★★☆ | ★★★★☆ |
| Cost per year | $36 | $60 | $24 | $30 |