How to Stay Safe After the 16 Billion Password Leak

Hackers have reportedly exposed 16 billion login credentials, including passwords, in what researchers at Cybernews are calling one of the largest data breaches ever. That doesn’t mean that you should panic, but you should be taking steps to protect your personal information. 

For starters, it’s important to understand what researchers at Cybernews actually discovered. The 16 billion exposed passwords didn’t originate from a breach at a single company.  Researchers uncovered them over the course of several months in 30 online data sets that were compiled by unknown sources.

The data sets included login credentials for most major online services. “We're talking Apple, Facebook, Google, GitHub, Telegram, and even government platforms. With 16 billion records floating around, it's safe to say almost nothing was left out,” according to Cybernews. 

Although Cybernews claims that data sets were exposed only briefly, criminals can use the login credentials that were leaked to access people’s accounts and possibly steal more personal information. That’s why it’s important to act quickly whenever breaches and data leaks such as this are revealed to protect yourself.

Protect yourself from password leaks

Take these steps to protect your personal information and limit the damage from data breaches.

Check if your personal information has been exposed.  If you use Chrome as your web browser, you can find out if your passwords have been compromised by using the Checkup feature in the Google Password Manager (which you can access by clicking the three dots in the upper left corner of your browser window). Microsoft Edge’s Password Monitor will alert you to compromised passwords. You can use a website such as Have I Been Pwned to find out if your email has appeared in any data breaches. And Carefull includes data breach notifications as part of its comprehensive monitoring platform.

Change your account passwords to prevent thieves from accessing your online accounts—and make sure you use different passwords for every account. Consider using a password manager to generate strong, unique passwords that have a random assortment of upper- and lowercase letters, numbers and symbols. For example, Carefull offers a digital Vault that includes a password generator and stores passwords with military-grade encryption. 

‍Set up multi-factor authentication on your accounts, if you haven’t already, to receive a text message with a code to enter in addition to your username and password when logging into your accounts. Or, you could download an authentication app such as Duo Mobile or Google Authenticator to create unique passcodes that can be even more secure than text message codes.

‍Switch to passkeys. A growing number of companies, such as Amazon, Apple, Google, Microsoft and PayPal, support passkey technology. A passkey allows you to log into accounts with your fingerprint, face scan or PIN instead of a password. It’s safer because it can’t be shared or stolen like a regular password. Check the websites you use to see if they offer the option to use passkeys instead of passwords.

‍Monitor your accounts, credit and identity. After a data breach, keep a close eye on your financial accounts and credit reports for unusual activity. Carefull makes this easy with 24/7 account, credit and identity monitoring that will alert you to unusual transactions, signs of fraud on your credit reports and misuse of your personal information. It also includes up to $1 million in identity theft insurance. 

‍Be alert to scammers. With your personal information, it will be easier for scammers to impersonate your financial institutions, service providers and companies you know. They might call, email or text to alert you to some problem that requires your attention and have just enough information about you or your account that they appear legitimate.  However, you shouldn’t provide any personal information or account information to anyone who contacts you out of the blue. Contact the company directly to find out if it was trying to reach you. You also can use Carefull's ScamCheck to find out if an email or text message you've received is a scam.

‍Watch for signs of identity theft. Even with the protections above in place, remain vigilant for red flags that someone is misusing your identity—such as strange bills, missing bills, and rejected or missing tax refunds. Learn more about the signs of identity theft. 

If you discover that your identity is stolen, report it to local law enforcement and get a copy of the report. You also can report it to the Federal Trade Commission at IdentityTheft.gov and get a customized action plan to repair the damage.

‍