Last week, Home Depot dropped the other shoe, letting the world know that in addition to 56 million credit card numbers, approximately 53 million email addresses were taken in its recent security breach. If true, this represents one of the largest email breaches of all time, eclipsed only by the J.P. Morgan breach of 2014, which exposed upwards of 83 million email addresses.
As we’ve been discussing this issue, some people have asked “Why is this such a big deal? So what if your email address gets out there?” Why? It comes down to two things:
One reason is the sheer prevalence of email and how much our email is integrated into our daily lives. Think of how many that people know who use your email address; the impact of having to change email addresses is not trivial.
The second reason is a bigger issue: the associated security threat that comes with your email address being “out there.” Email is now the primary delivery form for viruses, spyware and all sorts of other very bad content. At any given time, between 65 to 80% of all Internet email traffic is spam. Only one out of every three or four email address is legitimate. And you can imagine that we’ll soon be seeing well-crafted phishing messages that will purport the source to be Home Depot.
So what can you to protect yourself? One strategy I’ve recommended to clients and friends is to setup multiple email accounts. Use one for “regular’ use and another for online commerce and other web applications. Most Internet Service Providers allow you to have a number of email accounts and you can always use Gmail or other online providers for email as well.
By having a separate account for online stuff, if the address is compromised, you can just kill off the account. As always, you need to be very diligent when reading email (and in particular when clicking on links) as the spammers continue to get better and better at composing the messages and defeating the systems designed to block the spam.