Spambot Computer Program Exposes 711 Million Email Addresses

A spambot computer program has exposed 711 million email addresses and many passwords, according to security researcher Troy Hunt. However, some security experts believe not all of the email addresses and passwords are valid, NBC News reported.

A database that contained the email addresses and passwords was exposed after spammers failed to secure their servers, Hunt wrote in a blog post. This enabled anyone to access and download the information without having to enter credentials.

All 711 million records are now searchable in "Have I Been Pwned?", a website that enables users to search across multiple data breaches to see if their email addresses have been compromised.

How Often Should You Change Your Password?

Many people update their online account passwords regularly, but frequent password changes may prove to be counterproductive, according to former Federal Trade Commission (FTC) Chief Technologist Lorrie Cranor.

Frequent password changes do little to improve security, Cranor told Ars Technica. She also pointed out that regular password changes can make security worse by promoting the use of passwords that are more susceptible to cracking, which is reflected in two recent studies.

A Carleton University study featured a mathematical demonstration to highlight the impact of frequent password changes on cybercrime. Ultimately, the study revealed frequent password changes do little to slow down or stop cybercrime.

In addition, a University of North Carolina study evaluated cryptographic hashes for 10,000 expired accounts that previously belonged to university employees, faculty or students. The study indicated cybercriminals could develop algorithms to accurately predict password changes.

"The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation," Cranor stated. "They take their old passwords, they change it in some small way, and they come up with a new password."
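A password-change form can refuse the kind of transformation described above. The following is an added example, not code from the article or from either study: the function names, the substitution table and the two-edit threshold are assumptions, and it assumes the user has just typed the old password into the change form so both values are available for comparison.

```python
import re

# Assumed table of common look-alike substitutions (illustrative, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def skeleton(pw: str) -> str:
    """Drop leading/trailing digits and symbols, then fold case and look-alikes."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)
    return core.lower().translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def is_transformation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password looks derived from the old one by a small change."""
    # Case 1: only a couple of characters were changed, added or removed.
    if edit_distance(old, new) <= max_edits:
        return True
    so, sn = skeleton(old), skeleton(new)
    if not so or not sn:
        return False  # nothing left to compare (e.g. all-digit passwords)
    # Case 2: same base word after stripping counters/years and folding look-alikes.
    if so == sn:
        return True
    # Case 3: the old base word is embedded in the new one, or vice versa.
    shorter, longer = sorted((so, sn), key=len)
    return len(shorter) >= 4 and shorter in longer

if __name__ == "__main__":
    # Constructed sample pairs (old, new) for demonstration.
    for old, new in [("Summer2017!", "Summer2018?"),
                     ("P@ssw0rd1", "password2017"),
                     ("tarheels1", "MyTarheels#44"),
                     ("Summer2017!", "correct horse battery staple")]:
        verdict = "reject" if is_transformation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
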

NCSA Offers Password Security Recommendations

The National Cyber Security Alliance (NCSA) offers the following password security recommendations to secure sensitive information online:

  • Make your password a sentence. Create a password that contains at least 12 characters. Furthermore, using positive sentences or phrases often makes it easy to remember a password.
  • Use a separate password for each account. Separate work and personal accounts and ensure critical accounts have the strongest passwords.
  • Write down your passwords. Keep a list of passwords and store it in a safe, secure place; password manager services are available to keep track of passwords.

Two-factor authentication also represents a great option to safeguard information that is stored online, Hunt stated. With two-factor authentication in place, users can make it more difficult than ever before for cybercriminals to gain access to their online accounts.

"If you're creating strong, unique passwords on each service ... and using multi-step verification wherever possible, I wouldn't be at all worried," Hunt noted. "If you're not, now's a great time to start!"

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.