773 million email addresses exposed in ‘mega data breach’

Well here we go again.  Another data breach.  

773 million email addresses and passwords  And we thought 87+ million of Facebook’s Cambridge Analytica’s data breach was big. That was just a drop in the bucket.

It’s not enough that we have had to put up with privacy breaches with Facebook, Google, Amazon, and more but now a data security breach has occurred with MEGA, an iCloud storage and file hosting service based in Auckland, New Zealand.  

According to Wikipedia, MEGA claims it has over 100 million registered users in over 245 countries and over 40 billion files have been uploaded to it. This security breach involves over 2000 websites.

The breach was reported this week by Troy Hunt who is a security researcher/expert and the Australian regional director for Microsoft security  He says that MEGA’s platform was popular on hacking forums.

However, Hunt reports that MEGA has since removed the data but its not clear how long the data has been available to be seen by anyone with an internet connection.

Hunt published the breach on his website: “The unique email addresses totaled 772,904,991. This is the headline you’re seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP). It’s after as much clean-up as I could reasonably do and the source data was presented in a variety of different formats and levels of ‘cleanliness.’ This number makes it the single largest breach ever to be loaded into HIBP.”

You can go to Hunts website and check for free if your email, password appears on the list.

“In terms of scale, this enormous trove of email addresses and unique passwords is monumental. Hackers could have accessed this data at any point,” said Ruchika Mishra, director of products and solutions at Balbix, a security firm in San Jose, Calif.

Computer hackers use various forms of malware commonly referred to as bot or bots and keep testing emails and password combinations over and over again until they get a way in eventually to your private data

This why it’s so important to change your passwords often with a two-factor authentication security or use a password manager, advises Bill Evans, a vice president at California security firm, One Identity.

With a two-factor authentication, after putting in your email and password, you would receive a code by email or text to input at the website log-in.

This is particularly important with banks and Evans says if your bank offers it, use it.  If they don’t, switch to a bank that does.

Evans recommends the following password managers such as LastPass, 1Password or Dashlane.  But even if you do use these apps, it would be wise to change your passwords. And even wiser to use a notebook to record your password changes.

Hunt writes that, “The real risk posed by incidents like this is password reuse and you need to avoid that to the fullest extent possible,.