We have received data alerting us that the previous release of 770M e-mail address and password combinations has been amended with a new, public release of data, bringing the total to 2.2B unique e-mail address and password combinations. This amount is nearly 30% of the World’s population. We do not know if this is the end of the particular data-set release, but we do know that this is repository release numbers 1-5.
HOW TO CHECK
In the immortal words embossed on the back of The Hitchhiker's Guide to the Galaxy: DON’T PANIC!
Our go-to checking site has not had an opportunity to put the published data into a database, so I encourage you to use the following source: https://sec.hpi.de/ilc/ a signed e-mail will be sent to the e-mail address in a matter of minutes with the found data;
If the submitted e-mail address is found to be on the AFFECTED SERVICE: Unknown (Collection #1-#5) continue to WHAT TO DO. Be sure to check any old e-mail accounts that may still be alive, but are may be going unused.
WHAT TO DO
Make a list of your most sensitive accounts that:
Are the actual e-mail account tied to the address
May contain personally identifiable (Tax ID, Driver License, Passport), financial, insurance, property or health data;
Use the compromised e-mail address as your username;
DO NOT utilize Multi- or 2-Factor Authentication
Once you have your ranked list, login to each of these sites (starting with the e-mail account itself) and change your password to a secure password:
Contains at least 8 characters
Contains 1 of each:
Is NOT a dictionary word or proper name or variation of a dictionary word or proper name using the strengthening characters listed in 5b.
Enable Multi- or 2-Factor Authentication for the account;
Continue to the next account making sure to NOT re-use any one password across multiple sites.
We recommend the use of a password vault or management solution. We highly recommend LASTPASS for home, families and businesses.
Client firms or partner businesses interested in LASTPASS, should reply to this message. Regulated industries required that advanced security policies be implemented and this needs to be discussed. Businesses, especially our active client firms, SHOULD NOT sign up for any LASTPASS account without first discussing with me.
As always: please reply with any questions for your firm or feel free to refer your clients and customers to firstname.lastname@example.org with questions or concerns of their own. We’re always willing to assist anyone with Cybersecurity concerns.