The Epik data breach impacts more than Epik customers

Hi. My name is Will, and apparently, one of my emails is in the data from the Epik breach.

I’m writing this for two reasons: One, in case someone gets clever enough to find me and attempt to shame me for being associated with Epik. The second is to share a little bit of knowledge and experience with you.

Anyway, my email being part of the data dump is most likely due to them scraping domain name registration data, but I’m not 100% positive there. It’s weird: I’ve intentionally avoided anything Epik-related (because, well, you know..) yet they still managed to grab something of mine.

I haven’t really gone through the data yet; I know I’m included in the breach after checking Have I Been Pwned shortly after reading the Ars Technica article about the Epik breach.

I probably won’t ever go through the actual data, because it’s a futile gesture, and I don’t really have the time to spend trolling through that breach and every other one like it. I would’ve if I were still young and in college, but now? Pass.

Here’s the reality of the situation with regard to any data breach:

You’re going to get compromised. Everybody online will at some point. It’s inevitable.

What should you do, then?

Well, try to mitigate the impact.

In my case, the email address that was compromised was used for mailing lists/spam/some online ordering. I have separate emails for separate activities.

I also have multiple complex passwords, and try to change them with some regularity. Thankfully, I have a good memory for passwords: I type them repeatedly until I have them fully memorized, and will repeat that process every day for a week or so until they are committed. I do write them down during that time using a basic encryption method I devised (no, not a shift/increment), but afterwards I shred that, too.

I also perform permutations on the passwords, swapping and combining character sections of them. Really, I only have 5 core “passwords”. The actual passwords I use, however, are permutations on those 5.

If that’s all a bit much for you then you can make use of a password manager, too; then you’ve just got 1 password to memorize and change. I don’t like to use them for personal stuff, just because I don’t like to integrate them into software, and most software I use doesn’t support automatic integration of password managers. That means additional steps to access accounts, which as of writing this, is unnecessary.

Maybe some day my ability to retain passwords in my head will go and I’ll need to start using a password manager, but until then, I’m good.

Finally, don’t forget to make use of 2-factor authentication when available for anything critical. And try to avoid making the answer something too simple.