6 tips to protect yourself against data leaks

MANILA, Philippines — Following a data leak which exposed email and passwords and one data breach that happened in the country just recently, a global cybersecurity company shared its take on these breaches and provided tips for users.

Kaspersky Lab cited a recent data leak involving a “massive database” of exposed emails and passwords dubbed as “Collection #1.”

“Malefactors collect the leaked information, creating databases with logins and passwords. Some of them try to add information from every leak to these databases, and that effort results in the creation of gigantic databases such as what www.troyhunt.com called Collection #1,” Kaspersy Lab said in a statement on Monday.

“This database contains more than 700 million unique email addresses and more than 1.1 billion unique login-password pairs from more than 2000 different leaks, some dating as far back as 2008 to most recent ones,” it added.

With this, the global cybersecurity company urged internet users to “apply unique passwords for each of their online accounts to minimize the chances of being affected by data breaches.”

Kaspersky Lab said that data leaks and breaches “happen quite often” and that sometimes “these are huge in terms of risks and possible damages for account holders.”

Hitting closer to home, the company noted a data breach that affected around 900,000 clients of financial services firm Cebuana Lhuillier after it admitted that one of its email servers being used for marketing purposes had been breached.

READ: Data breach hits Cebuana Lhuillier, around 900k clients affected

“This massive collection of data harvested through data breaches had been built up over a long period of time, so some of the account details are likely to be outdated now. However, it is no secret that despite growing awareness of the danger, people stick to the same passwords and even re-use them on multiple websites,” Sergey Lozhkin, a security expert at Kaspersky Lab, said.

“What’s more, this collection can be easily be turned into a single list of emails and passwords and then all that attackers need to do is to write a relatively simple software program to check if the passwords are working,” he added.

Lozhkin also noted that the “consequences” of account access “can range from very productive phishing, as criminals can automatically send malicious emails to a victim’s list of contacts, to targeted attacks designed to steal victims’ entire digital identity or money or to compromise their social media network data.”

Cybersecurity experts added that with the numerous data leaks that have been appearing over the past years, “a lot more are expected to happen in the future.”

Because of this, Lozhkin advised those who uses email credential for online activities to take the following steps as soon as possible:

  1. Use strong passwords, and change them regularly, for your most important or sensitive accounts, (such as internet banking, online payment or social media networks).
  1. Use long and unique passwords for each and every account. This way, if a service is breached, you’ll need to change just one password.
  1. Check if your email account has been exposed online by going to  https://haveibeenpwned.com/  Type-in the e-mail address that your accounts are associated with and you will find out if that address was included in any of the leaked databases that haveibeenpwned.com is aware of.
  1. Enable two-factor authentication wherever it is possible. It will not allow hackers into your account even if they managed to obtain your login and password.
  1. Use security solutions such as Kaspersky Security Cloud that can warn you about recent breaches.
  1. Consider switching to a password manager such as Kaspersky Password Manager that can help create many unique and strong passwords with no need to memorize them. Password managers can also help change the passwords faster whenever you need it. /muf
Read more...