A security researcher recently found a publicly accessible database that contained 149 million stolen credentials. The data contained millions of records for Gmail, Facebook and other sensitive services. While they were unable to determine the owner of the data, they did successfully get the hosting provider to remove the service, preventing others from accessing the data further, at least from that location.

While attackers stealing usernames and passwords and distributing them widely is troubling, there are still ways to protect yourself. Use MFA (multi-factor authentication) on all your accounts so that, even if a hacker has your password, they can’t access your account without your approval. Also don’t reuse passwords across accounts. This limits the impact of having a password stolen or leaked, as it will only work for that one site. Password managers are a great tool to make it easy to keep track of several different passwords. If you’re interested in more login security tips, please check out Brad Herring’s recent post about 8-character passwords.