Regularly changing your online passwords should be as routine as spring cleaning or a dentist appointment (and just as fun), but many people usually don’t get around to it until it’s too late. You won’t want to make that same mistake this time: According to internet security researchers, more than 560 million passwords have been compromised and posted to an online database. The leaks involve email passwords and login credentials for a number of different online services, all of which have been hacked in the past few years.
The leak was first discovered by Kromtech Security Center earlier in the month, and according to Gizmodo, the claim was backed up by Troy Hunt, creator of the site Have I Been Pwned, which helps people find out whether or not any of their online accounts could have been breached. This leak database is hosted on a cloud-based IP from an unknown user that has been nicknamed "Eddie."
Kromtech researcher Bob Diachenko spoke to Gizmodo and detailed the extent of the leaks. The database consists of 243.6 million unique email addresses, most of which were gathered during a number of high-profile company hacks, including LinkedIn, Dropbox, Last.fm, MySpace, and Adobe.
“That’s astronomically higher than what I’d seen after loading a typical breach (usually 50 to 60 percent),” Hunt said. “[And] as Bob and I discussed, a very large proportion of them have come from existing incidents.”
The database was compiled from different hacks over the last few years—Last.fm and LinkedIn both had major security failures in 2016—so some of the information on here could be out-of-date. Still, that doesn’t mean you should be any less cautious, as this is a gigantic breach.
First things first: Change the password to your email and any other service you’re currently using, including Facebook, Twitter, financials, and retailers like Amazon.
While there is no hard and fast rule about how often to change your passwords—and there's even some doubt about how much good it all does when you do it too frequently—you should at least pay attention to any news about major security breaches. If a store chain, bank, social media service, or government agency gets hacked, your information could be floating around the internet in no time.