Second, massive Collections leak of 2.2bn e-mail addresses probably has your information
Changing your password, enabling two-factor authentication, and using a password manager are essential responses to the new "Collections #2-#5" leak
1 February 2019 | 0
Like a bad movie, the sequel to the “Collections” data breach – Collections #2-#5 – have snared an estimated 2.19 billion e-mail addresses and passwords, far more than the original leak.
Researchers at the Hasso Plattner Institute have reportedly discovered that that 611 million of the credentials in Collections #2–5 were not included in the Collection #1 database. That brings the total to 2.19 billion, though it is not clear whether some of this information may have been circulated elsewhere, according to heise.de.
What is clear, though, is that with over 2 billion e-mail addresses and passwords on the loose, it is almost certain that one of yours may be in the hands of potential attackers.
What can you do?
Though researcher Troy Hunt, the owner of the HaveIBeenPwned website, has added the previous “Collection #1” database, the remaining ‘Collections’ have yet to be added. The Hasso Plattner Institute has its own Identity Leak Checker, however, which has added the database. The Identity Leak Checker asks for your e-mail (nothing more), then uses that e-mail to generate a list of information that is out in the wild, including your name, IP address, and password, if applicable.
What the Identity Leak Checker can do is tell you if a password has been matched to your e-mail address. What it cannot tell you is how recent that password actually is. It is probably a good idea to change an affected e-mail address password again – yes, again – to something unique.
If it is available, you should also make sure that two-factor authentication is turned on, especially for e-mail addresses that can potentially be exploited to obtain information from other sites that you have access to. Two-factor authentication is not fool-proof, but it provides another layer of security. An even surer way to secure your personal information is with a password manager, which can automatically generate unique, secure passwords for the services you use.
IDG News Service