Step one: don’t panic — your good friend Stuff is going to help you through this dark time. Now calm down, check if you’ve been pwned and change your passwords. There, was that so bad?
Troy Hunt, who runs ‘Have I Been Pwned’ (the nifty website that can notify you when your information’s been compromised and let you know which of those weak passwords you reuse all over the place should be retired immediately) has come across a hacker-created database of usernames and passwords called ‘Collection #1’.
The repository includes an insane amount of information, but good-guy Troy has taken it upon himself to sift through the information and find compromised accounts and passwords.
Email notifications have already started going out to compromised accounts — they do go out in batches, so even if you haven’t had one yet there might, um, be one in the post.
If you’re a paranoid (read: security conscious) internet-user and would like to know as soon as possible, head over to Have I Been Pwned and enter your email address. This might be a good time to update all your passwords anyway.
And yes, we know remembering a million strong, unique passwords is impossible, which is why we recommend using a password manager like LastPass, 1Password or Dashlane. That way you only need to remember one really good password and can let the service generate monstrous ones for everything else… the sort of monstrous ones that would make any company’s IT manager proud.