Disclaimer: The below is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.
2018 was a big year for data breaches, and 2019 started off with news of a massive one: A breach notification service called Have I Been Pwned recently announced “Collection #1,” an aggregation of data from smaller breaches that adds up to 773 million email addresses and 21 million passwords.
What Does This Data Breach List Mean for Me?
This mega list of email addresses and passwords could include your information, and hackers who access it could use it for credential stuffing. Cyber criminals may have used this master list of breached data to automate login attempts with the various email address and password pairs. Identity theft is, of course, another concern with all this exposed data.
The good news here is that this isn’t a single giant data breach. Rather, it’s an aggregated list of compromised email addresses and passwords from a variety of data breaches, with some dating back to 2015. So, you may have already protected your various accounts on websites where you have recently changed your password.
Then again, maybe you missed something. And if so, it may be a good idea to start checking for your email addresses.
Should I Check for My Info?
If you think your information was scraped in one of the many data breaches, there are a couple of searches you can run to start your investigation. Have I Been Pwned lets you check the mega list for your email address and, in a separate search, see if any of your passwords appear in it. Have I Been Pwned is keeping the email addresses and passwords separate for everyone’s safety.
Also, you might want to run a BeenVerified dark web search on yourself to see how much of your information is floating around out there.
What Should I Do Now?
OK, you’ve checked for your information, and now you may be worried or relieved. Whether you found your information or not, it may be wise to operate in proactive mode. You might want to rack your brain to remember all the places you used an email and password combo, and then go change the password on those websites.
For the best line of defense against cyber criminals who want to steal your logins and passwords, and potentially your identity, you’ll need to create strong passwords and never reuse any of them. So, yes, that means if you have 20 websites or accounts that require a login, you should be using 20 randomly generated, unique passwords.
If you’re unsure whether your name is being used for fraudulent activities, you can run a background search on yourself, in addition to a dark web search. You may find financial information or records you don’t recognize, and if that’s the case, it’s often best to know sooner rather than later, so that you can start contesting anything you suspect is identity theft.