Security News > 2020 > May > Ukraine Nabs Suspect in 773M Password ‘Megabreach’

"Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his 'freshest' offering. Rather, he sort of steered me away from that archive, suggesting that - unlike most of his other wares - Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained."

That's because in nearly all cases, the person who is in control of that email address can reset the password of any services or accounts tied to that email address - merely by requesting a password reset link via email.

If you are the type of person who likes to re-use passwords, then you definitely need to be using a password manager, which helps you pick and remember strong and unique passwords/passphrases and essentially lets you use the same strong master password/passphrase across all Web sites.

The beauty of multi-factor is that even if thieves manage to guess or steal your password just because they hacked some Web site, that password will be useless to them unless they can also compromise that second factor - be it your mobile device, phone number, or security key.

Not saying these additional security methods aren't also vulnerable to compromise, but they're definitely better than just using a password.

News URL

https://krebsonsecurity.com/2020/05/ukraine-nabs-suspect-in-773m-password-megabreach/