ALERT! A major data breach of close to 773 million unique email addresses and just under 22 million unique passwords has just been exposed on cloud service MEGA. According to Security researcher Troy Hunt, the collection dubbed “Collection #1” totaled over 12,000 separate files and more than 87 GB of data. If this is just one of several collections, the total archive of email addresses and passwords could be significantly higher. More about this hack can be found here.
This continues a disturbing trend in the world of connected clouds and distributed services. In the old days, hackers had to work harder and target many different databases or servers. Now, it has essentially become easier for hackers to get a large payout of valuable information. When everything is stored in a central location, the hacker needs to just attack that one target and if an exploit is found; jackpot. A payout of a connected cloud or a large platform hosting numerous companies is infinitely more valuable and thus presents a more worthy target for hackers and criminals. This was seen very clearly in the large Equifax hack a few years ago and if this trend continues, more and more companies will continue to suffer loss.
What can you do?
1. Check your email: In light of this major hack and the fact that millions of email addresses and passwords have been leaked online, it would be good to check to make sure your email address is not on the list. A site was setup not long ago that checks email addresses. You can access the site haveibeenpwned.com and check your email addresses. If your email address shows up on the list, we highly recommend you change your password. Recent Microsoft security standards recommend more than 8 characters (a mix of upper and lower case as well as special symbols is ideal).
2. Patch Everything: If you work in an organization with any IT-related infrastructure, a good time to run security patching is now. Patching helps prevent security breaches and keeps the hackers from accessing recently discovered exploits. Run security patches on all of your servers, desktops and connected IT appliances.
3. Run Diagnostics: If you have any kind of scanning or diagnostic software, now is a good time to run it on your network and your systems to make sure no open holes exist.
4. Plan a Network Audit: It is good practice to run a yearly security audit on your network. These are great tools that help you determine the overall security of your office environment. Tools exist that can help you with this, but to really get a detailed look, consider consulting a professional. The time and energy you invest in this will pay off in the long run as it will help you harden and secure your environment against threats and hackers. If you want to get started, we offer both onsite and remote services and we always find something. Consider contacting us today.