Video messaging app Dubsmash recently revealed was breached resulting in over 160 million records being exposed including unique email IDs, usernames and passwords.  Information is already being sold on the dark web as part of a 617 million record package that includes data from 16 other breaches including MyFitnessPal. 

Massive breaches are all the reason we need to once again explain the need for unique passwords that are updated frequently.

Reasons to use unique passwords

  • Bad actors will buy breached data and use the username/password combinations on other websites (Banking, Social Media, Email, Brokerage, etc.)
  • Businesses may have exposure when employees (or their owners) use their business email as their username on a 3rd party site.

For example, Joe Smith, of XYZ Company, signs up for an account with ABC Social Media using their work email and password, which they also use to log into their corporate network, both remotely and when in the office. ABC Social Media is breached, Joe’s username and password get sold on the dark web, and the buyer of that data logs into XYZ Company remotely using Joe’s username and password.

Here's another example: Joe Smith owns AAA Plumbing, and uses the same credential for his AAA Plumbing email, as well as his bank, his brokerage, and his social media account.  Joe’s credentials are exposed when his bank is breached. AAA Plumbing’s social media account is vandalized (vulgar, political extremist, sexist/racist post). Joe’s email gets hacked. Joe’s brokerage account is cleaned out

Ways to minimize exposure from a breach

  • If you are aware of a breach and think your username/password combination was exposed, change it immediately.
  • If you are aware of a breach and think your email address was exposed, and you are using the same password for the site and your email address, change your password immediately.
  • Never use the same password for more than one service or website.
  • Use complex passwords including a mix of upper and lower case letters, numbers and characters.
  • Change passwords on a frequent interval to minimize the impact of breaches that have happened but are not yet known.

According to a global study by The Ponemon Institute, the time between breach until it is discovered is 197 days That’s 197 days when the bad actor can try the username/email/password combinations on different websites and services. Periodically check to see if your email address has been exposed by using a website like www.haveibeenpwned.com/