Expand / Collapse search

2 billion logins affected in possible record-breaking data breach

Published  January 17, 2019 6:46pm CST
News
FOX 9 Minneapolis-St. Paul

(FOX 9) - The internet world is buzzing about another data breach and there’s a chance this one could affect your personal email.

If you use the same email and password to access a number of different websites, you are especially vulnerable and need to change your password now.

Wired.com and other tech sites started reporting on the breach this morning. It's being called "Collection #1."

As data breaches go, this one could be record-breaking.

“It’s pretty big and it’s pretty important,” said Benjamin Brooks, of Beryllium Infosec. “Two billion passwords and addresses and the logins to other sites have been breached.”

Brooks is a cyber-security expert for Beryllium Infosec, an internet security company. He says there’s a good chance your account may have been compromised.

There is already a free website to check if you have been affected. It’s called HaveIBeenPwned.com and it is not a phishing site.

All you do is type in your email and, if it is on the list, you simply need to change your password.

Brooks says the key is to make your password as long as you can remember, but at least 12 characters. Beryllium Infosec recommends taking password security steps on its website

“I give the example of pick the website, pick a favorite thing, pick a number for the year. Use the name of the website in your password, that’s OK. But don’t put it together. Break it up. Mingle it in your favorite thing number and characters and so if you mix all of things up in a way you know it’s mixed. You can use that as your password, you’ll be able to remember it and you won’t even have to write it down,” he said.

Brooks also recommends using multi-factor authentication to get into your email. Google, Yahoo and Microsoft all offer it, but you have to opt in through your app or online.

“It sounds really scary, but it’s free for most email services and so, turn it on, download the app and all you have to do in most cases is point your camera’s phone at the screen and it will give you the little code that you can punch in. Or, in some cases, it will simply ask you from the app, ‘Hey, are you actually trying to log in?’ You click, ‘Yes’ and you’re done,” Brooks said.

A lot of people use online password keepers. Keep in mind, however, that those too can be hacked.

Here is another resource you can use to check the security of your password.