But it can still be scary when it happens to you. White hat hackers CyberNews recently discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018.
Even given the scale of leaks and hacks that have happened over the past few years, such as the Yahoo 3 billion account hack, CyberNews says this is a huge leak even by today’s standards. The number of email addresses available is particularly significant as the researchers say that often an email address is “the first avenue of attack against an unsuspecting target and can conceivably cause the victim significant harm down the line.”
This unsecured bucket of data was hosted on an Amazon S3 server and exposed for around 18 months in total before Amazon shut it down in June. CyberNews says it’s unclear if malicious actors accessed the data, however, anyone who knew it was there could have downloaded the files.
Often, attackers can combine a leaked email address with other data breaches available and use it to build a picture of the target, which can lead them to gain access to a victim’s other online accounts and even bank accounts.
“In the worst-case scenario, an exceptionally successful phishing or social engineering attack can lead to identity theft, whereby attackers accrue so much personal data from their target that they are then able to take out loans in their victim’s name,” said CyberNews.
As CyberNews is an ethical hacking organisation, it has put together a personal data leak checker for people to see if their email address has been exposed in this breach or another one. Have I Been Pwned, run by security researcher Troy Hunt, also offers a similar service. Hunt’s platform contains nearly 9.8 billion records from corporate data breaches, including Dropbox, Yahoo and LinkedIn.
If you have been affected by this leak or another data breach, CyberNews says you should change your email password straight away, as well as any other online accounts that used the same password. Make sure it is a strong one, a strong password generator can help you out if you can’t think of one yourself, and store it in a password manager like LastPass or use the ones provided by Google and Apple.
Hacks, breaches and leaks happen all the time online, the important thing is to take steps to secure your digital life as much as you can.
This article originally appeared in Evening Standard.