273 Million Email Passwords for Sale
Bryan Sullo
In the digital zombie apocalypse, I keep businesses safe. (I also help them use their technology more effectively.)
The story that broke yesterday is that a cyber-criminal calling himself "The Collector" has a list of millions of passwords for Gmail, Outlook.com, and Yahoo accounts that he's willing to sell or even give away.
I don't doubt that this is true. This story is notable primarily because of the large number of credentials involved. Otherwise, THIS OCCURS ALL DAY, EVERY DAY.
It's extremely unlikely that Microsoft, Yahoo, and Google have been hacked. Rather, these passwords have been collected by keyloggers and other malware residing on people's computers.
Best practice says to use a different password for every site. This isn't as hard as it seems if you use a password strategy and password vault like LastPass.
For those unwilling to go to those lengths, here's a bare minimum you need to do:
1. The passwords of any email accounts you have should be different from any other password you use. Email is the de facto secondary form of authentication for many other services, so it should be highly protected. (Anyone who has access to your email can reset your password for almost any account you have.)
2. The passwords for any services linked to financial accounts or personally identifiable information should be different from any other password you use. This includes Facebook. You can now send money through Facebook Messenger (if you set it up). Also, Facebook can be used as a login mechanism for many other sites.
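To check those two rules against a list of your own accounts, here is a small script, added as an example and not part of the original post. The CSV column names and the category labels (email, financial, other) are assumptions made for illustration, not the export format of LastPass or any other vault, and the sample data is constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data. The column names and the category labels
# (email / financial / other) are assumptions, not a real vault format.
SAMPLE_EXPORT = """name,category,password
Gmail,email,Tr0ub4dor&3
Yahoo Mail,email,correct-horse-battery
Old Forum,other,Tr0ub4dor&3
Facebook,financial,blue-Kettle-92
Bank,financial,blue-Kettle-92
News Site,other,hunter2
Recipe Blog,other,hunter2
"""

PROTECTED = {"email", "financial"}  # the two account classes from the list above


def find_risky_reuse(export_text):
    """Return sorted lists of account names that share a password where at
    least one account in the group is an email or financial/PII account."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group on a digest so the plaintext is never used as a key or reported.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append((row["name"].strip(), row["category"].strip().lower()))

    findings = []
    for entries in groups.values():
        if len(entries) < 2:
            continue  # unique password, nothing to flag
        if any(cat in PROTECTED for _, cat in entries):
            findings.append(sorted(name for name, _ in entries))
    return sorted(findings)


if __name__ == "__main__":
    for accounts in find_risky_reuse(SAMPLE_EXPORT):
        print("Shared password, change these:", ", ".join(accounts))
```

Reuse between two low-value sites (the last two rows) is deliberately not flagged, since the bare minimum above only covers email and financially linked accounts.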
Of course, if you want a professional company watching your back, I'm happy to talk to you about our IT services.
Stay safe.
--
How did you discover this problem? Or where did you watch it?