Yahoo: 2016, 3 billion user accounts and passwords.
MySpace: Unknown date, 360 million user accounts and passwords.
LinkedIn: 2012, 165 million user accounts and passwords.
Dropbox: 2012, 68 million user accounts and passwords.
You may have been among the millions or billions of people whose accounts were compromised in these security breaches, your username and password leaked onto the Internet for others to find. Because these events are so common, many people don't even bat an eye at these types of privacy breaches.
Indeed, the saying has become "it's not a matter of 'if,' but rather a question of 'when.'"
What's particularly concerning in these and similar cases is that the bad actors who gain access to the credentials may try to use those to access other sites. With a simple script or automated tool, it's possible to try thousands of credentials on thousands of websites in a matter of minutes. In that case, trying to "crack" a single password is no longer even necessary.
Using the same password on multiple sites puts you at greater risk of that domino effect. If one site is breached and your credentials are leaked into the wild, it may only be a matter of time before someone uses those same credentials to access your accounts on other sites. And it's possible those other sites will house additional sensitive information that could further compromise your online identity.
So what can you do? If you are using the same password on more than one site, stop and set new passwords now. Eliminate duplicates to protect yourself from the domino effect. Also consider these tips on how to set complex passphrases that are easier to remember. The ultimate goal should be to set a unique passphrase for each account.
October is National Cyber Security Awareness Month.