21,222,975 passwords. 772,904,991 email addresses. This user data was stolen sometime, compiled and made available as a record called "Collection # 1" on internet forums, as the IT security expert, Troy Hunt, reported on his blog. The number of published email addresses is almost twice the population of South America!
Hunt collated the data and speculates that it was intended for so-called "Credential Stuffing." This is the automated use of uncovered username and password combinations to gain access to user accounts and, if necessary, to take them over completely.
What can I do if my credentials have been stolen?
First things first: keep calm. We've put together five tips to help you better protect your access data:
1. Change password immediately
If you are affected, then you should change your password immediately, and with all services where you use the password. Make sure not to just change the password slightly and that it meets proper security standards.
2. If necessary inform the provider
If you do not have access to the affected user account, contact the provider immediately and ask for help.
3. Enable two-factor authentication
To further protect your online accounts, you should use two-factor authentication, at least for critical accounts such as email or payment services. This is a password protection consisting of a password and a separately created PIN. When logging in, the PIN will be sent separately, either as an SMS or in a security app on your smartphone, and must be entered in addition to the password. Many providers provide this service as an additional security measure.
4. Use password manager
With the help of a password management tool, you can create passwords for various online accounts and deposit them securely. Only one master password is required to access all your login information.
5. Comply with cyber hygiene; repeat data security check!
Check whether there are new updates for your operating systems, programs and devices. It is also worth repeating the data security check at regular intervals. Just because you've been lucky one time does not mean you'll be spared the next time around. By the way: for Pro and Premium customers of Perseus, the data security check is available in the customer area.