Freedom of the Press Foundation
Show Navigation

Oops, all breaches!

Martin Shelton
Dr. Martin Shelton

Principal Researcher

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Screenshot: Have I Been Pwned landing page

Screenshot: Have I Been Pwned landing page. (Freedom of the Press Foundation)

In the news

Data breach notification service “Have I Been Pwned?” has added the login information associated with 361 million email addresses. Have I Been Pwned owner Troy Hunt says as many as 151 million of these unique email addresses have never been seen in his database before. The website boasts tracking over 13.5 billion breach accounts. Some of these credentials are reportedly harvested from users’ devices infected with information-stealing malware. However, some are also collected from previously unknown breach data. Because password reuse is so common, attackers also reportedly tried these credentials on multiple online services to identify additional vulnerable websites. Read more.

Get Notified. Take Action.

What you can do

  • Check out “Have I Been Pwned?” to see if any of your email addresses are affected by this breach.
  • Because we know people tend to reuse their passwords, internet troublemakers will try out a breached password on multiple websites — and it often works! This issue underscores the importance of using unique passwords to isolate the leak when it happens. The easiest way to do that is with a password manager, which will help you to automatically generate, secure, and fill out your passwords on websites and apps. Read our guide to choosing a password manager and how to set up two-factor authentication for beginners.
  • When it comes to slowing down information-stealing malware, the most important practice — the digital equivalent of washing your hands — is just staying on top of your security updates to patch vulnerabilities in your apps and operating system. Make the bad guy’s job harder. Read this post from my colleague David Huerta about the story behind your software updates.
  • Antivirus is not a panacea. Depending on what antivirus tools you use, you could be giving it an undue level of permission over your system, so we generally encourage using the software natively built into your Mac or PC. On Windows, you can run a manual scan with the Windows Security "virus & threat protection” feature. On Mac, these protections largely operate behind the scenes. Read David’s blog post, which answers the question, “What about antivirus?

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Martin

Martin Shelton

Principal Researcher

Freedom of the Press Foundation

Donate to support press freedom

Your support is more important than ever.
Donate now

Read more about Digital Security Digest

1721934156108

Google backtracks on ad privacy plan

Google has a habit of hitting the brakes on products and features — so much so that it’s become something of a meme to be “killed by Google.” This time it decided to backtrack on its long-standing plan to replace traditional tracking in its Chrome browser.

1721771988326

Beware fraudulent CrowdStrike emails

Last Friday, computer systems worldwide were taken down by a defective update from enterprise cybersecurity vendor CrowdStrike. In the wake of the outage, the U.S. Cybersecurity and Infrastructure Agency is warning of phishing emails, with attackers posing as CrowdStrike customer support.

1721233510231

What to do about AT&T breach

Around 110 million AT&T subscribers were affected by a data breach from May 1 to Oct. 31, 2022, TechCrunch reported.

More posts