Security firm Hold Security LLC is reporting that a cache of 360 million account credentials are up for sale on the black market. Of the 360 million identities, 105 million of them may be from a single data breach, the size of which rivals Adobe’s breach (153 million) from October 2013. Also on sale are 1.25 billion email addresses, a veritable treasure trove for spammers. In this particular case, the account credentials up for sale seem to be mostly comprised of account logins and unencrypted passwords, an important distinction as any buyer can immediately start using the data versus spending time unencrypting passwords.
What this means for you:
Given the sheer volume of account credentials compromised it’s highly likely one or more accounts you use is somewhere on that list, as well as the passwords associated with those accounts. According to Hold Security, they believe the organizations from whom this data was stolen are still unaware of the breach, so it’s even more likely you will be the last to know if you have been compromised. Rather than waiting around, I recommend changing your passwords on all your important online accounts to much stronger, randomized ones, such as can be created and managed by programs like internet-based LastPass or Passpack (my personal choice), or if you prefer to keep your passwords closer to home, desktop programs like Roboform or 1Password.
Image courtesy of Creativedoxfoto / FreeDigitalPhotos.net