Data breaches have hit everything from popular sites such as LinkedIn to lesser-known ones. We leave our email address and password almost everywhere, and now a whopping 773 million breached emails and passwords have been publicly posted, a fact publicised this week by researcher Troy Hunt.
Troy Hunt says that this is the biggest known online breach ever, and the data has been posted on the popular cloud service MEGA for anyone to see. This means you and I can access millions of email addresses and passwords and, more importantly, we might be victims too: our email addresses and passwords might be among the 773 million publicly accessible emails and passwords. In fact, we did a quick check with people we know, and to our astonishment, some of their email addresses had been posted too.
HOW DO I CHECK whether I am exposed?
It is easy to check whether your email address has been exposed.
1. Go to the website https://haveibeenpwned.com/
2. Type in your email address and press the button
If you get the "Good news" message, your email address is NOT one of the 773 million.
If you get the "Oh no - pwned!" message, your email address is one of the 773 million and is exposed.
The results also show which site your email address may have been exposed from. Most of the time it is more than one site; if you're lucky, your address is not in there at all.
You can do the same check for your passwords to see whether they have been exposed.
1. Go to the website https://haveibeenpwned.com/passwords
2. Type in your password and press the button.
As with your email address, you will get a result showing whether your password is in the exposed data or not. However, we recommend never trying your real password.
WHAT can I do now?
In the end, it does not matter whether your email and/or password is exposed or not. Now is the time to change the password. Also enable what is called 2 Factor Authentication, an extra layer of protection on top of your password.
Some password best practices:
There are some best practices you can follow to keep your password secure.
1. Do not use regular words. Always use random letters and a combination of letters, numbers and special characters such as $ # and more.
2. Change your password at regular intervals. Ideally once every 3-4 weeks.
3. Enable 2 Factor Authentication. This is the extra layer of security in which you have to enter an SMS code or some other unique code in addition to your password to access the service.
4. Add your mobile number to the email service; in case your account is hacked, this is a good way to regain access.
5. And one more thing. We can't believe we are saying this, but a lot of us just do it anyway: don't share your password with anyone.