
What to do if your organisation suffers a data breach


By Sunil Sharma, Managing Director – Sales, India & SAARC, Sophos

The Have I Been Pwned? (HIBP) website has revealed another huge cache of breached email addresses and passwords discovered last week circulating among criminals. Named “Collection #1”, its statistics are as impressive as they are worrying: 87GB of data, 12,000 files, and 1.16 billion unique combinations of email addresses and passwords.

After cleaning up the data, Hunt reckons 773 million email addresses are unique, as are 21 million of the passwords, meaning each appears in unhashed form only once within the cache. Hunt said the data was discovered by “multiple people” on the MEGA cloud service, where it was being advertised as a collection made up of 2,000 or more individual data breaches stretching back some time.

What to do?

1. Check if your email is breached

To check whether your email addresses are in this cache (or any previous breach discovery), run a search using HIBP. If your email address was found in a data breach where passwords were also stolen, such as the recent Quora data breach, change your password for that site if you haven’t already. Of course, the sooner you change your password the better.

2. Email alerts for better security

Signing up for email alerts gives you a chance to respond swiftly to future compromises. You could also use a browser or password manager that is integrated with HIBP.

3. Know if your password has been compromised

If you want to test whether your go-to passwords have been involved in any breaches, HIBP has a search tool for that too: Pwned Passwords. You enter a password and the site tells you if it has appeared in any breaches. For example, a Pwned Passwords search revealed that the incredibly weak password ‘elvispresley’ has appeared 3,800 times in its database, which means that anyone using it should switch to something else as soon as possible. NakedSecurity constantly investigates breaches and advises users on cybersecurity best practices.

4. Prevent yourself from becoming a victim: use a password manager

To give your passwords the best possible chance of not appearing on Pwned Passwords, use a properly secured password manager that will create and store secure passwords.

