A new data breach has accessed the personal user databases of 16 online platforms, including Toronto-based photosharing platform 500px.
Approximately 617 million unique accounts are included in the breach, according to The Register. The hacker or hackers stole both email addresses and hashed passwords, as well as account holder names.
The list of affected platforms, ordered by the number of accounts compromised, is as follows:
Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEM, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBael, Artsy and DataCamp.
The individual or individuals who hacked the websites has uploaded the data to the dark web. They’re asking for $20,000 in bitcoin for everything.
In the case of 500px, the website says its database of user information was accessed on July 5th, 2018. To the best of the company’s knowledge, there’s no evidence to suggest unauthorized entry into users’ accounts.
Despite the scale of this most recent data breach, it’s not the biggest. In January, 2.2 billion unique accounts were compromised as part of the Collection #2 to Collection #5 breaches.
Some practical advice:
- If you’re unsure whether your personal data has been compromised, you can check with haveibeenpwned.com.
- If you’re not already using one, a password manager will save you a lot of headaches. Personally, I’m a big fan of 1Password — it’s developed by a great team here in Toronto, and includes a lot of awesome features. However, any password manager will do; other options include Dashlane and LastPass.
- At this point, two-factor authentication is a must. Yes, it can be a bit of a pain to set up, but the benefits far outweigh the hassle. What’s more, smartphone apps like 1Password, Authy and Google Authenticator make it easy to generate one-time passwords for any websites and platforms that support the feature.