How the 16 billion password leak impacts your security strategy

July 16, 2025 John Wu

Product Insight

The June 2025 disclosure that over 16 billion passwords were leaked has raised significant concerns in the digital community. Reports suggest that many of these credentials are recycled from previous breaches, with a significant number used for business access. This massive data breach highlights the urgent need to strengthen password security.

Don’t wait for the next breach to act. Follow these steps to safeguard your data today.

1. Change your passwords immediately

The first and most urgent step: change the passwords for your affected accounts right away. Use the CyberArk Password and Passphrase Generator to create strong, unique, and random passwords for each account that avoid common patterns and are difficult to crack. Avoid using simple phrases, dates, or anything related to personal information, such as names or birthdays.

Best practices for password creation:

  • Use a combination of uppercase and lowercase letters, numbers, and special characters.
  • Ensure the password is at least 12 to 16 characters long.
  • Never reuse passwords across multiple accounts.

2. Enable CyberArk Password Insights

To secure your other passwords stored in Workforce Password Management, turn on CyberArk Password Insights. It automatically flags weak, reused, or already compromised credentials—so you can fix issues before they become incidents.

3. Turn on two-factor authentication (2FA)

Two-factor authentication (2FA) is an essential security measure that adds another layer of verification to your login process. Even if your password is leaked, 2FA can help ensure that unauthorized users cannot access your account. Here’s how to enable 2FA on major platforms:

Steps to enable 2FA:

  1. Navigate to the security settings of your account.
  2. Select the 2FA option.
  3. Follow the instructions to link your account with a trusted device or app such as Google Authenticator or a security key. If you choose the third-party authentication application option, CyberArk can store and autofill the TOTP code during login.

4. Freeze your credit

Passwords are only part of the equation—identity theft is another serious risk in breaches like these. Freezing your credit can prevent criminals from opening unauthorized accounts in your name.

To do this, contact each of the major credit bureaus:

This process helps to ensure that no one can access your credit report without your explicit authorization, reducing the risk of fraudulent activities.

5. Monitor account login activity

It’s essential to regularly check where your accounts are logged in. Apple, Google, and Facebook offer tools to view login activity and revoke access from suspicious devices.

Use the following links to check your account settings:

Steps to monitor login activity:

  • Go to your account security settings.
  • Look for “Devices Logged In” or similar options.
  • Review the list of devices and locations.
  • Revoke access to devices you don’t recognize.

6. Use HaveIBeenPwned to identify other vulnerable accounts

The platform HaveIBeenPwned allows you to check if your email addresses or usernames have been part of any data breaches. Visit the site and input your email address or username to see which accounts may require immediate action. Change passwords for all affected accounts and monitor them for further suspicious activity.
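The compromised-credential checks mentioned in steps 2 and 6 can be done without ever sending the password itself. As an added example (not CyberArk's or HaveIBeenPwned's own code), the Python below uses the k-anonymity model of HaveIBeenPwned's Pwned Passwords range API: only the first five hex characters of the password's SHA-1 leave the machine, and the returned candidate list is matched locally. The `SAMPLE_RANGE_RESPONSE` and its counts are constructed to show the response format; `fetch_range` is a helper that queries the live API and needs network access.

```python
import hashlib
import urllib.request
from typing import Optional, Tuple

# Constructed sample in the format returned by
# https://api.pwnedpasswords.com/range/<5-hex-prefix>:
# one "SUFFIX:COUNT" line per SHA-1 that begins with the requested prefix.
# The second line is the real suffix for the string "password"; the count is made up.
SAMPLE_RANGE_RESPONSE = """\
1D72CD07550416C216D8AD296BF5C0AE8E0:10
1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
2B4E5C8A0F9D6E7C1A2B3C4D5E6F708192A:2
"""


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent
    to the API and the 35-char suffix that stays on the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def match_count(range_body: str, suffix: str) -> int:
    """Return how often the password appeared in known breaches (0 if absent)."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count) if count.isdigit() else 0
    return 0


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Query the live range API for one prefix (network required)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, range_body: Optional[str] = None) -> int:
    """Check a password; pass range_body to test offline, omit it to use the API."""
    prefix, suffix = sha1_prefix_suffix(password)
    body = range_body if range_body is not None else fetch_range(prefix)
    return match_count(body, suffix)


if __name__ == "__main__":
    print("breach count for 'password':", breach_count("password", SAMPLE_RANGE_RESPONSE))
```

A non-zero count means the password should be treated as compromised and replaced, regardless of how strong it looks.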

7. Diversify email usage

One critical mistake many users make is using the same email address for multiple accounts. To minimize risk, use different email addresses for different purposes. For instance:

  • Use one email for personal use.
  • Create a separate email for work-related accounts.
  • Use a dedicated email for online shopping or subscriptions.

This segmentation ensures that if one email is compromised, the breach does not cascade across all of your accounts.

8. Never use personal email for work accounts

Using personal email addresses for work accounts exposes individuals and organizations to significant security risks. Unlike enterprise-managed systems, personal email platforms often lack advanced protections, leaving them more susceptible to phishing attacks, malware infections, and unauthorized access.

This blurring of personal and professional boundaries also undermines the ability to enforce accountability and traceability—key components of a secure corporate environment. In the event of a cyberattack, sensitive work-related data stored in personal email accounts could be exploited, leading to severe breaches of confidentiality and financial losses. To mitigate these risks, strict adherence to corporate email policies is not just advisable—it’s essential.

Not using CyberArk Workforce Password Management yet?

CyberArk Workforce Password Management is a powerful enterprise password management solution designed to help organizations secure and manage employee credentials. It streamlines password security by enabling automatic generation, storage, and retrieval of strong passwords across various applications and systems, reducing the risk of breaches and ensuring compliance with corporate policies.

It also integrates seamlessly into existing workflows, offering centralized control and enhanced visibility into password usage. To explore its full capabilities and understand how it can transform your organization’s security posture, check out our eBook, “Why Workforce Password Management Is Non-Negotiable,” or contact your account representative to learn more.

John Wu is a solution strategy architect at CyberArk.
