30th August 2017: CEX, the UK secondhand video game & consumer electronics store, has been part of a data breach that is rumored to have impacted 2,000,000+ accounts. A spambot called ‘Onliner’ has also leaked 711,000,000 email and password combinations, including ours! This is similar to the Google, Yahoo, Hotmail and Mail.ru leaks back in 2016.
CEX
The compromised data includes personal information such as first name, surname, addresses, email address and phone number, and “in a small number of instances”, encrypted data from expired credit or debit cards. CEX stressed that it did not have any current card data stored for customers’ accounts as it ceased storing customer card details in 2009. The breach affects CEX’s registered website customers only. It said there’s no indication in-store personal membership information has been compromised. In the meantime, if you have an online account with CEX you should change your password. If you use the same password elsewhere, you should change that, too.
How do I learn more about the CEX data leak?
There’s more over on CEX’s website, and here is a copy of the email they sent out to customers.
Onliner Spambot
In August 2017, a spambot by the name of Onliner was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Includes: Email addresses, Passwords
How can I check if I was part of Onliner Spambot leak?
Visit https://haveibeenpwned.com/ and enter your email address
How can I avoid these sorts of leaks/hacks in the future? What should I do now?
- Change your passwords if yours was part of the leak / linked to CEX etc
- Ensure your passwords are not the same for your important accounts (very important)
- Turn on Two-Factor Authentication for your important websites
- Check to see how secure your password is
- Install a password manager (1Password or LastPass), which will generate extremely secure passwords & store unique passwords for each form
- Get an alias email address for all non-important email
- Learn how to avoid scammers
- The best technique is to have a unique email address and password for each website and to use a password manager to store them all (as above).
Via EuroGamer & haveibeenpwned.com