386 Million User Records from 18 Companies Leaked for Free
It was just recently confirmed that starting on July 21, 2020, multiple databases containing the stolen information of over 386 million consumers were posted online in a hacker forum — all for free. The exposed information was stolen from eighteen companies, including Wattpad (270 million user records), Mathway.com (25.8 million user records), Promo.com (22 million user records), and Drizly.com (2.4 million user records) through past data breaches. Many of the 18 companies involved in this data leak have announced security incidents had occurred in 2020, but several remain unknown or undisclosed. The Personally Identifiable Information (PII) in each database varies, but typically contain names, user names, email addresses, and hashed passwords. Hashed passwords can be deciphered, further exposing a breach victim to account takeover and credential stuffing attacks.
Hackers Giving Away Identities
The information stolen in data breaches is normally sold on the dark web for a profit and very rarely shared for free. The posting of these free databases was done for “everyone’s benefit” according to the hacker, which is bad news for personal identities. Although the PII in each database varies, a cybercriminal can easily compare the records in different databases to complete a profile or establish a fake identity with pieces of real information, known as synthetic identity theft. These sensitive personal records are also used to further conduct identity fraud through credential stuffing and phishing attacks. It is critical to safeguard your information by updating your passwords — making sure you do not use the same password on multiple accounts — and turning on two-factor authentication to further protect yourself from account takeover attacks.
4 Tips to Protect Your Personal Information
- Use two-factor authentication whenever possible. Requiring an additional level of security on all accounts and mobile apps can often thwart hackers from gaining access.
- Invest in a password manager. Having one location to safeguard your hard-to-crack passwords alleviates the pressure to remember all logins and empowers you to update site passwords frequently and helps you securely store and create strong passwords in one localized place.
- Monitor the dark web. Although no one can erase your data from the dark web, you do want to know if it’s been found so you can take action to protect your accounts, monitor your credit, and reduce your odds of identity theft.
- Safeguard your device with Mobile Protection. Invest in a mobile program that alerts you of rogue applications, spyware, and unsecured Wi-Fi connections for added security. For IdentityForce members, our mobile app includes Mobile Attack Control to reduce the risk to your identity from mobile threats.
Don’t Wait for the Next Data Breach | Get Protected Now
If you suspect your personal information was compromised in any of these breaches, be vigilant about monitoring your personal and financial accounts.
To truly protect yourself from fraud, sign up for the best identity theft protection that monitors all of your accounts and alerts you, in real-time, to any suspicious activity. Not to mention, IdentityForce offers 100 percent, white-glove restoration with up to $1 million in insurance if your identity were to become compromised.