The widespread leaking of passwords and credentials is a trend that just keeps cropping up, but while hackers tend to be culpable in these alarming situations, the latest ‘leak’ of some 10 million passwords is rather bizarre. A security researcher released login information of some 10 million users with noble intentions, the crux of this rationale being to help the wider digital community to better understand user behavior. But with the data now out in the open courtesy of a large torrent file posted by said security expert, there’s relative cause for alarm, and if you want to ensure that your sensitive data is not out in the open, check the details below.
Mark Burnett, the security guru that has made headlines for distributing the password information, notes in a blog post that the 10 million sets of credentials are just a sample lifted from a dump containing in excess of one billion. Thus, it’s just a mere drop in the ocean, and while checking your own email address may provide you with a little peace of mind, there’s certainly no room for complacency.
A number of sites have been quickly created allowing users to cross-check their email accounts and ensure that their email accounts have not been pwned, while some pre-existing resources include larger databases containing information on compromised accounts.
If you wish to see if your email is among those leaked in the latest drama, Luke Rehmann has thrown together a Web tool on his site that is primed and ready to identify emails caught up in torrent. To get started, you’ll need to point your browser to rehmann.co/projects/10mil, where you’ll be able to swiftly run your details against all of those that emerged via this torrent file.
Other sites like haveibeenpwned.com let you check your email against a larger database containing stolen credential, and so once you’ve used Rehmann’s site above, you may want to have a look at this one as well.
In the unfortunate case that you have been pwned, your first course of action should be to change the password of the account in question immediately. Moreover – and this also applies to those whose accounts aren’t red-flagged – do pick a very strong password that would be impossible to guess, and if you can, change it as frequently as you can.
You may also like to check out: