Massive Data Leak Affecting Twitter, Linkedin, and More—What Should You Do?

GECU Voices brings you guidance and insight from experts within the Credit Union. Today’s blog post was penned by Austin Vaive, Information Security Manager. 

Cybersecurity blog Cybernews.com recently released an article reporting a massive data leak that contains information from as many as 26 billion accounts. While this headline is certainly panic inducing, what are the implications for the average person? And what actions should they take to ensure the security of their private information? In this post, we’ll take a quick look at the nature of the leaked information and provide guidance on how to best protect your online accounts.

What’s the risk? 

The first important piece of information to note is that while this leak supposedly contains up to 26 billion records, it mostly compiles information from many previous data breaches into a single dataset. Data breaches and leaks can occur from a variety of sites, but some noteworthy contents of this breach are Twitter, LinkedIn, and Adobe accounts. Even though the individual files contained in this dataset were previously available to cybercriminals, the fact that they are now searchable in a single dataset can pose some additional risk to consumers. 

The largest concern for a data breach of this size is that cybercriminals can use the information to identify individuals that have used the same username and password for several affected sites. This will allow the cybercriminal to infer which individuals are likely to use the same passwords for other, more sensitive accounts, and attempt to log in to them using the passwords exposed as part of the breach. 

What can you do? 

While there isn’t much the average consumer can do to stop data breaches from happening, certain steps can minimize the risk of unauthorized access to your accounts following a breach. Since these data breaches are generally a point in time breach, meaning all the information is extracted at a given point in time, it reinforces the importance of regularly changing your passwords for sensitive accounts. If a data breach occurs, and the password is subsequently changed, then the password exposed in the breach is of no use to a would-be cybercriminal. 

It’s also important to use different passwords for every account, so a cybercriminal can’t use a password exposed in a breach of one site to compromise accounts on other sites. Changing a single digit at the end of your password is not enough. If the password included in a breach is Password6, there’s a good chance the cyber criminal is going to try Password7, 8, 9, etc., until they get it right. 

And lastly, enabling Multifactor Authentication, or MFA, for any site or service that offers it is a great preventative measure for security. MFA ensures that even if the password to an account is exposed in a data breach, the attacker will not be able to access the account with the password alone, since they will need to have access to your phone, or email, to retrieve the authentication code needed to log in to the account. 

If you’re a General Electric Credit Union (GECU) member and ever suspect your account has been compromised, contact us immediately. We’ll walk you through the next steps. As a Credit Union, we’re committed to Improving the Quality of Financial Lives, and that includes providing education about scams to keep your sensitive information safe. Read our Money Minutes blog for more security- and fraud-related content.