Update 16 Jan 2019
Security researcher Troy Hunt reports a huge leak of 773m leaked email addresses, including 21m unique email/password combos. This will be one of the biggest bubbles in the data-leak-top-list right away.
What to do now?
- Check your email addresses in the HIBP database (“Have I Been Pawned”) if they appear in any so-far discovered leak, including this one.
- Put your email address in the free HIBP notification service which will inform you in case your email address will be affected from future leaks.
- If in doubt about any specific password, check your passwords if they appear in any discovered leak. (Normally, you should NEVER, NEVER EVER post any password anywhere on the net, but Troy Hunt employs the concept of k-anonymity which makes sure that no clear-text will ever be revealed to any third party -not even the HIBP service itself. In the end, it is a matter of trust.)
- If not already in place, go ahead and use a password manager like BitWarden, LastPass, or 1Password.
Beyond that, you should consider using unique yet easy to remember passwords for every single service you use. This will save you hours of work and some sleepless nights easily, just in case 🙂