Collection #2 – 2.2 billion passwords leaked!
The Collection #2 leak is huge compared to its predecessor. Under the name the Collection #1, almost 773 million email addresses and passwords were leaked on the 17th of January 2019. Troyhunt wrote, that the login information had been posted on a hacker forum. Thus available for anyone to see.
Now the new leak that has surfaced have been dubbed the “Collection #2-#5”. According to PCWorld and Wired, more than 2.2 billion usernames and passwords have been leaked and the data is flowing around freely on the web.
In other words – 2.2 billion passwords are available to everyone that look into the ‘Collection #2’-document – you and me included.
Are you sure that your data is not among it and flowing around freely for all to see?
In HTML24, we have looked at our own passwords. Luckily, our work passwords are still OK, but many of us, could find our personal passwords included in the Collection #2.
It is actually highly likely that your personal password, could be found in that document. With more than 2 billion email addresses and passwords loose on the net, the chance of your passwords ending in the hands of a potential attacker is quite high.
You can make a quick check whether you have been affected by the Collection #2 at HaveIbeenpwned. This website is according to Wired integrated with 1Password, a known password manager.
PCWorld suggest using a tool from the Hasso-Plattner-Institut (HPI). With this you can acquire more specific data through the HPO Identity Leak Checker.
However, HPI, will need your email to generate a list of which of your information is running around in the wild.
What to do?
If you are among the misfortunate people whose data has been leaked, then you should do the following:
- Change your password immediately
- Enable two-factor authentication
- Make use of a password manager, for instance 1Password
What would it mean to have your password misused?
Free access to your username and password in plaintext can be dangerous. Any potential attacker with malicious intent can misuse your personal information and email.
It is highly likely that an attacker would use your email to scam your personal contacts disguised as you.
Spreading a virus would also be possible, to gain access over your computer or your contacts. In the end, this could have consequences for your social life and economic situation.
Would you like to learn more about cyber security, then head over to our previous blog post “Do you have strong cyber security”. Learn more here about digital security and which techniques you can adopt to secure your business.
Here at HTML24 we provide security, not for your employees and their personal computers, but for our clients’ websites and web apps. For examples, consider reading our customers cases on the Danish State Hospital (Rigshospitalet) or the trade union, HOD.
Are you seeking a digital agency to implement higher security or build a website for you? We would love to assist you in finding your next solution. Whether it is a website, webshop or making your systems more stable through our unique integration platform. We are here for you!
Don’t hesitate! Contact us now in the field below.