You might have seen the news of a database leak containing 184 million passwords tied to accounts from Microsoft, Google, Facebook, Instagram, Roblox and other organizations.
The report by cybersecurity researcher Jeremiah Fowler on Website Planet says login credentials for bank and financial accounts, health platforms and government portals from numerous countries were also exposed. The data was left unprotected by an unknown database owner and then accessed by cybercriminals via infostealer malware.
Although the database has been removed from public access, the damage is seemingly done. So what should you do if you think any of your login credential data was compromised?
A percentage of the login credentials in the 47.42GB file are likely outdated. But some passwords and usernames may still be active. In fact, Fowler wrote in his post that he emailed multiple people whose information was in the database and they confirmed the emails and passwords were still in use.
How can I protect myself from this data leak?
If you think you were impacted by the bad actors who accessed this database, here are a few steps you should take as soon as possible to limit the potential damage.
Change your password
It’s good to get in the habit of changing your passwords regularly. Your new passwords should be unique from other accounts. This thwarts a cybercriminal’s ability to take over several of your accounts by using the same exposed login credentials. Keep in mind that the longer the password is the better, because it’ll make it harder for bad actors to crack.
Start with account passwords we know may have been impacted in this data leak like, Instagram, Facebook, Google or Roblox. From there you can update other passwords to sensitive accounts you haven’t updated in the past year.
Consider a password manager
If keeping track of all your different passwords is too cumbersome, you can sign up for a password manager. CNET recommends Bitwarden.
Password managers create unique passwords for every online account you create and will scan the dark web for any compromised passwords. They even guard against phishing attacks by not autofilling passwords on suspicious websites.
Turn on two-factor authentication
You should turn on two-factor authentication for every online account you have. When a bad actor attempts to log into your account, you will receive a text message or email with a code to verify it’s you logging in from a new device.
Be aware of phishing attacks
Cybercriminals will use stolen data to target potential victims via phishing attacks. These can occur over phone, text, email and even direct messages on social media. Do not click on any suspicious links, download files or scan QR codes from unknown sources.
You can’t stop your data from being compromised in a leak or breach, but identity theft protection can monitor your information on the dark web and alert you if something is awry.
