tidBiTS
Informs and engages the UNB community on IT developments and news

New Collection #1 Data Breach - is your information at risk?

Author: tidBiTS

Posted on Jan 23, 2019

Category: IT Security , Tips and Tricks , General Interest , IT Security Alerts , Design Desk

Earlier this month, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. This aggregate mass of credentials called ‘Collection #1’ has been prominent in the news lately.

ITS analysis reveals that there are UNB email addresses along with passwords (whether or not for UNB accounts) and other information in Collection #1—not surprising considering the enormous scale of the database. Don’t panic. It is important to understand that the contents of this database have been gleaned over several years via many individual breaches from a large variety of online services—the unique aspect here is that these separate data sets have been combined and made available to the hacking world at no cost.

As far as we can determine, there are no current, active UNB account credentials in Collection #1. However, you need to realize that we have no way of knowing what other credentials associated with UNB email addresses have been compromised; social media accounts, online banking and payment services, and many others could be exposed in Collection #1.

How do I know if my information is at risk?

To check if any of your accounts associated with your UNB email address have been compromised by data breaches included in Collection #1 or other incidents:

  1. Visit https://haveibeenpwned.com or check the ‘My Exposures’ panel on your Beauceron dashboard (if you haven’t yet taken the Beauceron cybersecurity training, please do so via the myUNB Portal—click Cybersecurity Awareness)
  2. Enter your UNB email address.
  3. If the site indicates you’ve been ‘pwned’, this means your email address has been affected by one or more data breach and your information might be at risk.
  4. Reset your password for any account associated with the email address you entered.

Essential tips for protecting yourself from data breaches

  • Use a strong and long password
  • Use different and dissimilar passwords for all your different accounts
  • Never share your password with anyone
  • Don’t save passwords within your web browser
  • Use a password protected password manager such as Dashlane
  • Consider multi-factor authentication

Questions?

If you have any questions, please contact the IT Service Desk.