Following the news that over 1 million decrypted Gmail and Yahoo accounts have been listed for sale on the dark web, below are some thoughts from Lee Munson, security researcher at Comparitech.com:
“In an ideal world, the fact that someone is selling stolen credentials, pilfered during data breaches from years gone by, should not be any cause for concern because everyone potentially affected would have already reacted in an appropriate manner.
“In reality, however, a great many people may have been put at risk, largely because they haven’t changed passwords that they have reused across several other accounts.
“Given the fact that records are exchanging hands for less than a penny each that poses a great danger.
“If anyone is concerned that their data may be caught up in this, they can check their email address on https://haveibeenpwned.com which will give them the perfect starting point, detailing every account that may have been compromised.
“Next, they should change their passwords on every affected site, choosing a different one for each. Then, they should change their passwords on every other account under their control if they match, less a hacker should find an easy way into them as well.
“Lastly, anyone affected by a breach who has left it this long to respond should prepare for next time, taking simple steps such as installing a password manager and security software, as well as taking some basic security precautions.”
(10)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=1959