Troy Hunt, founder of the Have I Been Pwned website, reported on his blog a disturbing finding brought to him by users of the service. The 87 GB of data in the Collection #1 archive, which until recently was available for download through the popular hosting service MEGA, contains almost 773 million unique e-mail addresses and more than 21 million associated passwords. The data does not come from a single leak: the archive aggregates information obtained from attacks on thousands of different websites. By entering an e-mail address on the HIBP website, anyone can check whether their data appears in the archive (and whether it had already been leaked earlier, in another hack).
Data leaks are a common problem today. Let's make sure that each of our accounts has a different password and that they are not too easy to guess. We often hear that a strong password is one that has both upper and lower case letters, as well as numbers and special characters. This is not a universal rule. According to this definition, "[email protected]" is a good password. In practice, it is definitely too common (based on HIBP data) and under no circumstances should it be used by anyone.
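The contrast between the composition rule and a breach-data check can be shown in a few lines. This is an added example, not code from HIBP or from the original article; it assumes the SHA-1 prefix lookup format used by HIBP's Pwned Passwords range service (five hex characters sent, "SUFFIX:COUNT" lines returned) and replaces the network call with a constructed corpus whose passwords and counts are invented.

```python
import hashlib
import re

# Constructed sample corpus: passwords and breach counts are invented for this example.
CONSTRUCTED_CORPUS = {"Passw0rd!": 1000, "Summer2019!": 50}

def meets_composition_rule(password):
    """Upper case, lower case, digit and special character: the rule the text questions."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(c, password) for c in classes)

def sha1_split(password):
    """Return (first 5 hex chars, remaining 35) of the upper-case SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def constructed_range(prefix):
    """Stand-in for a range response: 'SUFFIX:COUNT' lines for one hash prefix."""
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        p, suffix = sha1_split(pw)
        if p == prefix:
            lines.append("%s:%d" % (suffix, count))
    return "\r\n".join(lines)

def breach_count(password, range_body):
    """Look the password's hash suffix up in a range body; 0 means not found."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        entry, _, count = line.strip().partition(":")
        if entry.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def acceptable(password):
    """Accept on breach history alone; only the 5-char prefix would leave the machine."""
    prefix, _ = sha1_split(password)
    return breach_count(password, constructed_range(prefix)) == 0

if __name__ == "__main__":
    for pw in ("Passw0rd!", "correct horse battery staple"):
        print(pw, "| rule:", meets_composition_rule(pw), "| accept:", acceptable(pw))
```

The first sample passes the composition rule yet is rejected because it appears in the corpus; the passphrase fails the rule but has no breach history.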
TWITTER REVEALED PRIVATE MESSAGES AS A RESULT OF AN ERROR
Today we also had a report about a slightly less spectacular case of data leakage. The "Protect my tweets" option in the official Twitter application for Android devices turned off automatically when a user decided to change something in the account settings (e.g. e-mail address). The error was fixed five years after it started to appear. As they say, better late than never.
Each of us uses many accounts every day. Since each password must be unique, how do we remember them all without going mad? Password managers such as 1Password or LastPass come to the rescue: you only need to remember one password, the one to the application itself, which takes care of the rest. If we don't trust such programs, there's one more option left: write down all the passwords in a notepad (and we mean a real, physical notebook, not a digital word processor) and keep it under lock and key. No hacker can crack those passwords (unless he is also a burglar and knows your physical address...).