HKCert
Security Blog

Security Advisory: Online Account Security

Release Date: 18 / 01 / 2019
Last Update: 18 / 01 / 2019

A security researcher, Troy Hunt, found that an 87GB dump of user credential data was recently posted to an underground forum. The data included 773 million unique email addresses and 21 million unique passwords, and some passwords were in plain text. In fact, there was no new data breach or cyber attack incident.

Although the volume of data is huge, it was combined from various past data leaks from different sources. Most of the data was at least 2-3 years old.

While this data breach incident did not have any new impact on the public, we urge the public to enhance password security in order to protect their online accounts.

 

Precautionary measures:  

  1. Secure your email, financial services and social network accounts as first priority. Email is usually used to confirm online service registrations and to reset passwords, so its security is essential to your other online services. Compromise of financial services and social network accounts may result in financial loss and identity theft.
     
  2. Consider using a password manager service or software to better manage your passwords.
     
  3. Secure your online services with strong passwords, and use multi-factor authentication if it is provided. Here are the procedures for setting up multi-factor authentication for some popular email services: Yahoo, Google, Microsoft.
     
  4. Change passwords periodically, especially for critical accounts such as email accounts, social network accounts, online banking and other payment facility accounts. Do not reuse the same password across different online services.
     
  5. Beware of any phishing websites and emails which ask you to provide your login credentials.