For sale: 360 million email passwords. Is yours one of them?
Hold Security, a Milwaukee outfit that helps businesses stay secure, found millions of email passwords for sale while researching the black market sites that sell them. They announced the 360 million figure earlier this week.
“In the first three weeks of February, we identified nearly 360 million stolen and abused credentials and 1.25 billion records containing only email addresses,” says the announcement.
Securing your email password is particularly important, because most services use email to recover forgotten passwords. This means that, once a criminal has access to your email, they can get access to all of your other services – including your bank – easily.
360 million stolen credentials found floating on the blackmarket as we announce our Credential Integrity Services http://t.co/4K7GZCZT1x
— HoldSecurity (@HoldSecurity) February 26, 2014
Your email might be among the passwords currently for sale, but if change your password now and you’ll be safe. How else can you defned yourself from such leaks? Here are a few tips.
Change your email password, regularly. Also make sure you’re using different passwords for different services. Read our password management guide for more information about why this is necessary.
Turn on two-factor authentication for your email. With this on, your password isn’t enough to access your email: you’ll also need to type a code sent to your phone. It can be annoying, but the security benefits are obvious: any criminal with your username and password will be unable to log into your account.
We have outlined what two-factor authentication is, and why you should use it. At this point most major email services offer this service, and you should turn it on if at all possible – it’s a great way to keep your data secure.
Interested in the online black markets where criminals sell everything from passwords to credit card numbers? This Planet Money episode is well worth a listen.
Feel free to talk about how you keep your email secure in the comments below.