Yet another case of an online security breach, including emails and passwords. See Over 560 Million Passwords Discovered in Anonymous Online Database from Gizmodo.com for full details. In brief, this is what they say:
A trove of more than 560 million login credentials has been exposed by a leaky database, researchers revealed on Tuesday, including email addresses and passwords stolen from as many as 10 popular online services.
The Kromtech Security Center blogged about this and called it the Mother of All Leaks. Among other things, they say there:
Database is 75+ gigs in size and contains data structured in readable json format which included at least 10 previously leaked sets of data from LinkedIn, Dropbox, Lastfm, MySpace, Adobe, Neopets. RiverCityMedia, 000webhost, Tumblr, Badoo, Lifeboat etc.
The lesson here is simple: most likely, your password is already there and somebody might be trying to use this just now. So isn’t that a good time to change it now?
A noted security researcher Troy Hunt made a site called Have I Been Pwned which you can visit to see if your email was compromised and when and where. He has there now over one billion email addresses, all of which have been compromised at some point.
Lifehacker also blogged about this under Change Your Passwords: 560 Million Email Credentials Have Been Leaked with advice at the bottom how to reset your passwords.
May be superfluous to note again that CiviHosting’s servers have never been hacked.