It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.
In the news
The popular breach notification service, Have I Been Pwned, added 71 million leaked account credentials from the Naz.API dataset, which allegedly includes over a billion credentials compiled using malware designed to steal sensitive data, including passwords and credit cards. The dataset had been circulating in hacking forums for months but became more widely known when integrated into an open source intelligence platform called illicit.services, which was being used to facilitate cyberattacks. Read more here.
What you can do
- To check if your credentials have been leaked in this dataset, you can enter your email address at Have I Been Pwned. While you’re at it, you can click “Notify me” at the top of the page to receive notifications when the service finds your email address in a new database. If you have found your email in one of these data breaches and the affected account is still active, you’re going to want to change the password for the relevant service right away.
- If you reuse passwords and your credentials have been leaked, internet bad guys will try reusing this password on other websites to see if they can get in — the online equivalent of jiggling every door handle they can find to see which are open to them. This is why we recommend using password managers to create and store more secure, unique passwords so that if your credentials are leaked, the risk is minimized to just the one affected service. Don’t know where to get started? Read our guide to using password managers.
- If your information is in this dataset, it’s also possible that one of your devices is, or has previously been infected with information-stealing malware. You can do something about this! Check out our guide to antivirus and keep your devices up to date to receive recent security patches.
Updates from my team
- We’ve made updates to our guide on choosing the right video conferencing tool for the job, as well as our smartphone security and anti-phishing guides. Check them out!
We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin