Return to site

COLLECTION #2-5 RELEASED

770M -> 2.2B ACCOUNT CREDENTIALS RELEASED

· BREACH,HACK,EMAIL,PASSWORD,SECURITY

BACKGROUND

We have received data alerting us that the previous release of 770M e-mail address and password combinations has been amended with a new, public release of data, bringing the total to 2.2B unique e-mail address and password combinations. This amount is nearly 30% of the World’s population. We do not know if this is the end of the particular data-set release, but we do know that this is repository release numbers 1-5.

HOW TO CHECK

  1. In the immortal words embossed on the back of The Hitchhiker's Guide to the Galaxy: DON’T PANIC!

  2. Our go-to checking site has not had an opportunity to put the published data into a database, so I encourage you to use the following source: https://sec.hpi.de/ilc/ a signed e-mail will be sent to the e-mail address in a matter of minutes with the found data;

  3. If the submitted e-mail address is found to be on the AFFECTED SERVICE: Unknown (Collection #1-#5) continue to WHAT TO DO. Be sure to check any old e-mail accounts that may still be alive, but are may be going unused.

broken image

WHAT TO DO

  1. Make a list of your most sensitive accounts that:

    1. Are the actual e-mail account tied to the address

    2. May contain personally identifiable (Tax ID, Driver License, Passport), financial, insurance, property or health data;

    3. Use the compromised e-mail address as your username;

    4. DO NOT utilize Multi- or 2-Factor Authentication

  2. Once you have your ranked list, login to each of these sites (starting with the e-mail account itself) and change your password to a secure password:

    1. Contains at least 8 characters

    2. Contains 1 of each:

      1. Uppercase letter

      2. Lowercase letter

      3. Number

      4. Special Character

    3. Is NOT a dictionary word or proper name or variation of a dictionary word or proper name using the strengthening characters listed in 5b.

  3. Enable Multi- or 2-Factor Authentication for the account;

  4. Continue to the next account making sure to NOT re-use any one password across multiple sites.

PASSWORD VAULTING

We recommend the use of a password vault or management solution. We highly recommend LASTPASS for home, families and businesses.

Home Premium and Family (6 users or less) accounts can be purchased here: http://ns-bc.co/lastpass-home-family

Client firms or partner businesses interested in LASTPASS, should reply to this message. Regulated industries required that advanced security policies be implemented and this needs to be discussed. Businesses, especially our active client firms, SHOULD NOT sign up for any LASTPASS account without first discussing with me.

REACH OUT

As always: please reply with any questions for your firm or feel free to refer your clients and customers to support@nsbconsult.me with questions or concerns of their own. We’re always willing to assist anyone with Cybersecurity concerns.