Over 26 billion records were recently exposed due to a firewall misconfiguration. Cybernews discovered these leaked records and broke the story. During their discovery and investigation, Cybernews was able to confirm the majority of the 26 billion records are from previously disclosed data breaches.


Since most of these records were previously exposed, should you update your passwords? Yes, it is still recommended to update your passwords, especially your business critical passwords. This exposure is suggested to also contain previously unreleased records, so it is best practice to consider updating your passwords. Not only that, but it is possible you have the same password from the original breach. See the list below for some of the more popular accounts impacted from this exposure.

  • X (formerly known as Twitter)
  • LinkedIn
  • Adobe
  • Canva
  • Dropbox

Multifactor authentication

This is one of the best things any small business can implement and most of the time it is at no extra cost. MFA adds an extra step when you authenticate into your account. This is generally done with a 6 digit pin code. The pin codes can come from a text message, email, authentication app, phone call, or mobile phone push notification. Adding this step helps protect your account because generally speaking you need your mobile device or USB key physically with you to authenticate into your account. This is something the cybercriminal will not have, because you have it.

An added bonus is if you get a notification pin code for an account you didn’t try to access, you know your username and password has most likely been compromised alerting you to update that impacted account. 

Self awareness

When account records are exposed, especially 26 billion records, it can be difficult to assess which passwords, which accounts you need to monitor. You may also need to stay alert for new user accounts being opened with your email address or maybe even in real life accounts, like new lines of credit as an example. It is important to be on your guard for suspicious or sometimes subtle changes made to your accounts. Maybe your business social media account was compromised and there is an unusual post that you didn’t publish. Maybe you received an email asking you to verify a new account or an account settings change. These could all be signs of a compromised account.

To learn more about cybersecurity threats, trends, and topics with a focus on small business, check out Small Business, Big Threat!