Last week, a new data breach of humongous proportions was made public.

This is a summary:

  • Email addresses and passwords totaling 2,692,818,238 rows
  • 1,160,253,228 unique combinations of email addresses and passwords, all plain text.
  • Unique email addresses totaled 772,904,991
  • There are 21,222,975 unique passwords (that’s too many reused passwords!)

How Serious Is This?

The database seems to have been put together for credential-stuffing attacks, in which hackers rapidly test email and password combinations at a given site or service. This is typically a fully automated process which preys especially on people who reuse passwords across multiple sites on the internet. In other words, we expect more effective attacks and we must take the necessary precautions to protect our organizations.

Cortelco recommends that its customers take immediate action to plan the automation of credential management and a security awareness program for employees. For now, you should consider updating your most important personal credentials. Be careful before changing passwords: plan it first and take the necessary steps before doing so. If you need help, ask for it!

Find out if any of your organizational or personal users are exposed in this brand-new humongous data breach.

Troy Hunt, the site admin of Have I Been Pwned, has loaded all this information in, and there is lots more detail about this new breach over at Troy’s Blog.

Some Tips:

  • Don’t use your login name in any form (as-is, reversed, capitalized, doubled, with a prefix, with a suffix…);
  • Don’t use your first or last name in any form or, more generally, any information easily obtained about you. This includes car license plate numbers, telephone numbers, insurance numbers, the brand of your car, the name of the street you live on, the name of your spouse or of your children…;
  • Don’t use a word contained in any dictionary of any language, spelling lists, or other lists of words (acronyms, sequences of letters like ‘abcdef’ or ‘qwerty’, place names, car names, cartoon heroes…);
  • Don’t use the same password for other sites. Better still, have one distinct password for every site.
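
The four tips above can be turned into an automated check on a candidate password. The following is an added example, not code from Cortelco or Have I Been Pwned; the function names, the tiny word list and the sample inputs are constructed for illustration, and it assumes the caller (for instance a password manager's local audit) supplies the user's personal details and existing passwords.

```python
import re

# Constructed sample data; a real check would load full dictionaries and name lists.
WORDLIST = {"password", "dragon", "monkey", "batman", "paris"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789")


def _norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _has_sequence(core, min_len=4):
    """True if core contains min_len consecutive characters of a known run, either direction."""
    for seq in SEQUENCES:
        for run in (seq, seq[::-1]):
            if any(run[i:i + min_len] in core for i in range(len(run) - min_len + 1)):
                return True
    return False


def check_password(password, login, personal_info=(), other_site_passwords=()):
    """Return the list of tips the candidate password violates (empty list = none)."""
    problems = []
    core = _norm(password)

    # Tip 1: login as-is, reversed, capitalized, doubled, prefixed or suffixed.
    user = _norm(login)
    if user and (user in core or user[::-1] in core):
        problems.append("login")

    # Tip 2: names, plates, phone numbers, street names... (tokens of 3+ characters).
    tokens = [_norm(t) for item in personal_info for t in re.split(r"\W+", item)]
    if any(len(t) >= 3 and t in core for t in tokens):
        problems.append("personal")

    # Tip 3: dictionary word (ignoring digits added at either end) or keyboard/alphabet run.
    if core.strip("0123456789") in WORDLIST or _has_sequence(core):
        problems.append("dictionary")

    # Tip 4: same password already used on another site.
    if password in other_site_passwords:
        problems.append("reused")
    return problems
```

Normalizing to lower-case letters and digits before matching is what lets one substring test cover the capitalized, doubled, prefixed and suffixed variants named in the first tip.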

