You are likely one of the 8.4 billion consumers affected by leaked credentials from past data breaches just this past week. Last Wednesday, a 100GB text file leaked by a user on a popular hacker forum containing 8.4 billion passwords, likely gathered from past data breaches. The user tapped into a host of leaked databases from the past, including the Compilation of Many Breaches (AKA COMB list), which revealed more than 3.2 billion unique pairs of emails and passwords in clear text. Fortunately, many of these passwords may be from inactive accounts or have since been changed. Unfortunately, for those that do not regularly update passwords or circulate the same password for all accounts, you may be at risk.

A data leak is different from a data breach. In a breach, unauthorized access to sensitive information is intentional. In a data leak like this one, the sensitive information is left out in the open. Even if this information existed online, undetected by anyone, at least some of it was still captured by search engines.

With a considerable amount of valuable information still online and potentially accessible by cyber criminals, someone may use that information in a malicious way. That will most likely result in a Business Email Compromise (BEC). These types of attacks are typically phishing and social engineering attacks used to gain access to a company’s network or other sensitive information.

To protect your information before something potentially bad occurs, we suggest three preventative actions:

  1. First, you should check if your credentials and/or social security number are compromised by running a dark web scan on your company domain. Simply request it by using this link
  2. Second, you should enable two factor authentication wherever possible. It is extremely important not to rely solely on passwords to protect your information. Two factor authentication is an extra protective layer to ensure that no one else is accessing your accounts.
  3. Last, but most certainly not least, you should regularly change passwords on all accounts and never utilize the same password across multiple platforms. Companies should encourage strong password policies forcing unique password resets on a regular basis. Data leaks are becoming part of the norm and the best way to prevent malicious activity in your account it to ensure that any leaked data is irrelevant and out-of-date.

Data leaks and data breaches are more common every day. Unfortunately, small and medium sized organizations are usually the ones that take the hit. Protect your information and invest in a layered cybersecurity approach.