BELL MAIL breach may have exposed over 1 million new email addresses [RECAP]:
Earlier this week, Bell confirmed that email addresses belonging to about 1.9 million customers and 1,700 phone names and numbers were stolen by”an anonymous hacker.”
Aside from informing affected clients in an email Tuesday morning, the business has not said much since. While it’s still not clear how the violation occurred, or if it took place, the offense doesn’t appear as awful as it might have been. Luckily, there were no passwords or financial information leaked.
But there’s still a lot which could be done with the email addresses that were obtained, mainly by spammers and those who run malicious tactics.
According to the breach-tracking Site Are I Pwned? 60 percent of these email addresses contained in the Bell breach were fresh. In other words, they had not been leaked in any of those previously leaked databases that are indexed by the site.
That means enterprising spammers and phishing attackers potentially have more than one million new email addresses at their disposal.
What can you do? Not much, unfortunately, now that files containing the email addresses are available online. If you are not hoping to get a record or link from a friend, by way of instance, pay more attention to things like the sender’s email address, or the URL in your browser address bar — either of which can be cleverly crafted to appear legitimate, but might be imitation.
And in case you haven’t already, have a look at Are I pwned? Yourself. Computer security expert Troy Hunt operates it — in other words, it’s not some fly-by-night operation — also enables you to determine how many times your private information was leaked in previous data breaches affecting sites like MySpace & Linked-In.
If your email address has been leaked in a prior data breach, it is a good idea to change the password to your Bell account also, just in case. If you used a password on your Bell account that’s the same as on a website that previously had its customers’ passwords leak, a determined attacker might have the ability to use that information to access your Bell accounts, also — which likely contains even more personal information about you than what was indeed leaked this week.