As we have muttered and groaned about (ad nauseam) many times before, news of massive breaches with huge numbers of exposed details may well be giving us all breach fatigue.
Even former presidents of the United States can be confused by these big numbers, allegedly (with apologies to our dear Brazilian friends):
“Giving Bush his daily war briefing, Donald Rumsfeld ended by saying: ‘Yesterday, three Brazilian soldiers were killed.’ ‘Oh no!’, exclaimed Bush. ‘That’s terrible.’ His staff were stunned by this display of emotion. Finally Bush raised his head from his hands and asked: ‘OK, so how many is a Brazilian?’” (Anon)
To put these mahoosive numbers into perspective, it is still less than 1 million days since Brian was crucified. It really is. Reach for your calculators.
This week the quite concerning announcement that 770 Meeeelion sets of credentials have been discovered out there on zee dark webz (mwahahaha), no biggy, has understandably caught the attention of the press worldwide.
Announced by Troy Hunt, who despite being shamelessly self-publicising, provides a great service with his ‘check how borked you are’ site haveibeenpwned.com, this looks very, very bad.
If you were expecting us to say, ‘stand down, nothing to see here, fake news’, you would be very, very wrong. Why? Well, one of our tame, disco-tanned, super talented, part time taxidermist, hacking types has been all over the channels dark and it turns out that the data dump may have been much, much bigger, possibly up to 2.7 Beeellion records.
Whilst these sources can’t always be trusted, this looks pretty solid (we are downloading and checking it). If you fancy dipping your toe into the murky waters, have a look. Please do not blame us for subsequent addiction or any Lewis Carroll type rabbit holes, potions or other distractions.
So what do we think, what can we do?
With numbers this big, it would be fair to assume that you or a member of your family has compromised details published on the Web.
We urge you to do the following:
- Implement multifactor authentication on all online accounts you can
- Install a password manager in your personal systems
- Change all of your passwords on public sites and make them all different (the password manager will facilitate this). Don’t try and be clever by using an incremental number at the end like I4m5m4rt01/02 etc.
- Watch out for failed attempts to log in to your stuff
- Tell all of your aged, young and ditsy relatives the above
- Do it this weekend
- Remember the password (and 2fa details) for your password manager
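
The incremental-suffix habit warned about in the list above can be checked for mechanically. The following is an added example, not part of the original post: a Python check that flags a replacement password as a trivial variant of the old one. The function names, the `max_edits` threshold and every sample password other than I4m5m4rt01/02 are assumptions made for illustration.

```python
import re
import unicodedata

# Trailing run of digits/punctuation: the part people bump on each reset.
_SUFFIX = re.compile(r"[\d\W_]+$")

def stem(password: str) -> str:
    """Case-folded password with its trailing digits/symbols removed."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    return _SUFFIX.sub("", folded)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_variant(new: str, old: str, max_edits: int = 2) -> bool:
    """True if `new` is `old` with a bumped suffix, new casing or a tiny tweak.

    Assumes both values are available in plaintext, as they are at a
    change-password prompt or inside a password manager audit.
    """
    if stem(new) and stem(new) == stem(old):
        return True
    return edit_distance(new.casefold(), old.casefold()) <= max_edits

if __name__ == "__main__":
    exposed = "I4m5m4rt01"  # the post's example password
    # Constructed candidates for the replacement password.
    for candidate in ("I4m5m4rt02", "i4m5m4rt2019!", "I4m5mart01",
                      "vessel-crumpet-lantern-fog"):
        verdict = "reject" if is_trivial_variant(candidate, exposed) else "ok"
        print(f"{candidate:28} {verdict}")
```

Only the unrelated passphrase passes; the suffix bump, the re-cased version with a year appended and the one-character tweak are all rejected.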
We have been talking about the collected, sorted credential exposure for years; now must be the time to take control of your identity before someone else does.
If you would like to discuss this breach, any breach, or need the number of a dark web addiction counsellor, please contact us at: [email protected] or 020 7517 3900.