Contact Us Today!   314.394.3001   |   info@andersontech.com
Anderson Technologies
  • Home
  • Services
    • Overview
    • Managed IT Services
    • Cyber Security
    • System Administration
    • HIPAA Compliance Services
    • Ransomware Protection
    • Hardware & Software Consulting
    • Cloud Computing Services
    • Web Design
    • Anderson Archival
  • Industries
    • IT Support for Accountants
    • IT Support for Dental Offices
    • IT Support for Financial Services
    • IT Support for Architects and Engineers
    • IT Support for Manufacturing
    • IT Support for Nonprofits
  • Learn
    • What Are the Biggest Mobile Security Threats of 2020?
    • What Are Mobile Security Best Practices?
    • What Does a Firewall Do for a Network?
    • How to Maintain Security When Employees Work Remotely
    • How to Protect Your Data from Ransomware
    • Comparing Mobile OS
    • What Is Phishing?
    • How to Identify Phishing and BEC Scam Emails
    • What Is MFA And Why Do I Need It?
    • How to Reduce Risk and Secure Your Internet of Things Devices
  • Resources
    • Free Ebooks
    • Webinar: Cyber Security at Home: Protecting Your Business & Family
    • Newsletter Sign Up
  • About
    • About Us
    • What Our Clients Have To Say
    • Careers
  • Press
  • Blog
  • Contact
    • Contact Us
    • Free Consultation
    • HIPAA Services Inquiry
  • Help
  • Menu Menu
password breach category 1

Collection #1 Security Breach

January 18, 2019/in Data Security, News /by Marcia Spicer

Here at Anderson Technologies we like to keep our clients updated on the latest cyber security news. We’ve covered such breaches as KRACK and the Equifax hack in the past, and now we’re reporting on a breaking data breach called Collection #1, which affects nearly 2.7 billion emails and password combinations.

What Exactly Is the Collection #1 Breach?

The Collection #1 Breach was first reported January 17, 2019, by Troy Hunt, a cyber security researcher and operator of Have I Been Pwned (HIBP). Hunt named the breach after the root folder—containing over 87GB of data—that was uploaded to a hacking forum. Comprised of around 773 million unique email addresses and 21 million unique passwords, this information seems to have been gathered from databases of personal information from over 2000 breaches as far back as 2008.

“This number makes it the single largest breach ever to be loaded into HIBP,” Hunt states in his blog post explaining the breach.

While this personal information may not be much use to one-off hacking attempts, the real danger comes with a technique known as “credential stuffing.” Gizmodo explains:

Basically, credential stuffing is when breached username or email/password combos are used to hack into other user accounts. This could impact anyone who has used the same username and password combo across multiple sites. This is concerning as the Collection #1 breach contains almost 2.7 billion combos.

How Do I Know if I’ve Been Impacted?

Thankfully, the easiest way to see if any of your email addresses, usernames, or passwords have been affected by Collection #1 is to use Hunt’s HIBP. You may have even used this resource to know whether or not to change a password after past breaches like Equifax!

Hunt has painstakingly cleaned and entered all data from Collection #1 into HIBP’s (safe) search engine, allowing anyone to securely check if any individual user account information was compromised.

have i been pwnd

How Do I Keep My Accounts Safe from Future Breaches?

The nature of these data breaches indicate decoding of previously encrypted account information like email addresses and passwords. Anderson Technologies recommends protecting yourself with multi-factor authentication (MFA), as well as a password manager like LastPass or Dashlane.

“The only way to effectively deal with it is to use MFA,” says Joe Baker, Anderson Technologies Systems Administrator. “I like the MFA standard of something you know and something you have—you know your password, and you have your phone for authentication.

“Everyone should go to haveibeenpwned.com to check their email addresses. For me, after entering my email, I searched for and found my compromised email and old password in a matter of seconds. It’s shockingly easy to get this info once it’s out there in plain text. If it’s something that you care about, protect it with MFA. If you can’t protect the account with MFA, then don’t use that account.”

If you believe information vital to your business has been compromised (current administrator credentials, for example), immediate intervention can help mitigate further security threats. Senior Systems Administrator Eric Dischert suggests the following steps:

  • Update passwords for all affected accounts
  • Temporarily lock all systems until extent of the breach is known and appropriate steps have been taken
  • Ensure proper auditing and logging are running
  • Determine the root cause, impact, and necessary steps to fix
  • Deliver a public announcement (if industry regulations require it) and prepare for corresponding responses
  • Educate employees regarding breach details and lessons learned

As always, consult with your managed services provider to ensure all these steps are completed thoroughly enough to protect your business from further threat. For more information about Collection #1 and the consequences for your personal information, contact us here or at 314.394.3001.

Contact Us

Tags: news, security breach
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
You might also like
Password Safety Cyber Security Change Your Passwords: Follow the Best New Policies
Don’t Hold the Door Open for Cyber Criminals
Cyber vulnerabilities Meltdown and Spectre Don’t Have a Meltdown: Shedding Light on the Spectre/Meltdown Vulnerabilities
Office Depot Pays for False Malware Reports
Best IT Firm 2018
Malware keyRaider iPhones Malware Security Alert: KeyRaider Infects Jailbroken iPhones

Newsletter Signup



Recent Posts

  • Busting Business Email Compromise
  • Listen & Learn: The Keys to IT Innovation
  • Merry Christmas and Happy Holidays (2020)
  • Learn: How to Reduce Risk and Secure Your IoT Devices
  • Rightsizing Now and for the Future

Seeking IT support and managed services?
Get a free consultation today.

Contact Us

  • Home
  • Services
  • Resources
  • About
  • Blog
  • Contact
  • Help
  • Privacy Policy
ATI Logo
Phone: 314.394.3001
Email: info@andersontech.com

13523 Barrett Parkway Dr
Suite 120
St. Louis, MO 63021



© - Anderson Technologies
  • Home
  • Services
  • Resources
  • About
  • Blog
  • Contact
  • Help
  • Privacy Policy
HIPAA Part 3: Document! Document! Document! hipaa documentation children using tin can phone voip Ring, Ring! It’s Voice Over IP!
Scroll to top
We use cookies to understand how you use our site. Click Accept to confirm your approval of this, or learn more in our Privacy Policy. Accept Privacy Policy
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.