In the last year more than 642 million account details have been breached and leaked on the internet from services such as Tumblr, LinkedIn and Myspace; to name just a few.
If you are concerned that your credentials may have been exposed in the past then you can check this against a comprehensive list of previous breaches at haveibeenpwned.com.
Criminals are using the leaked data and extending attacks taking advantage when the same username and password from one of these services have been re-used elsewhere
This can lead to cases similar to iCloud, where users have had their devices maliciously held to ransom and wiped through iCloud after their account credentials were exposed, likely through using the same password on sites less secure than Apple's that were subsequently breached.
You can reduce your risk of this occurring in three simple steps:
- Ensure every set of account credentials that you create on different sites/services is different. Never re-use your passwords!
- Use strong passwords with a mix of lowercase & uppercase letters, numbers and symbols.
- Where available, make sure you use two-factor authentication. This is available for a number of services, including Facebook, Twitter, Google and iCloud, just to name a few.
By following these steps then should your account credentials be exposed in a future breach then you’ll only have to change your credentials for that specific service and you can rest-assured that your unique credentials for other sites and services will remain safe... for now!