560 Million Passwords Exposed Online
Security researchers have discovered a massive database containing at least 560 million email and password combinations from various sources. Security researcher Troy Hunt of HaveIBeenPwned.com, a website allowing users to check if login credentials have been compromised, verified the accuracy of the data and stated many of these credentials were not previously leaked. The security research firm, MacKeeper, provides more information about the discovery here. The NJCCIC recommends all members immediately replace any online credentials for accounts that contain personal, medical, or financial information with passwords that are unique, a minimum of eight characters, and a mixture of upper and lowercase letters, numbers, and special characters. We highly recommend users enable two-factor authentication (2FA) everywhere it is offered. Website administrators are encouraged to implement a 2FA solution available to all account holders to protect against brute force attacks and credential stuffing.