Bell breach may have exposed over 1 million new email addresses to phishing and spam

Earlier this week, Bell confirmed that email addresses belonging to approximately 1.9 million customers and 1,700 phone numbers and names had been stolen by "an anonymous hacker."

Aside from informing affected customers in an email Tuesday morning, the company hasn't said much since. While it's still not clear how the breach happened, or when it took place,the breach doesn't seemas bad as it could have been. Fortunately, there were no passwords or financial information leaked.

But there's still a lot that can be done with the email addresses that were obtained, mostly byspammers and those who run phishing schemes.

According to the breach-tracking website Have I Been Pwned?60 per cent of the email addresses contained in the Bell breach were new. In other words, they hadn't been leaked in any of the previously leaked databases that are indexed by the site.

That means enterprising spammers and phishing attackers potentially have over one million new email addresses at their disposal.

What can you do? Not much, unfortunately, now that that files containing the email addresses are available online. But as always, use common sense, and be vigilant about the links you click and the attachmentsyou open. If you're not expecting to receive a document or link from a friend, for example, pay extra attention to things like the sender's email address, or the URL in your browser's address bar both of which can be cleverly crafted toappearlegitimate, but maybe fake.

And if you haven't already, check outHave I beenpwned? for yourself. It's operated by computer security expertTroy Hunt in other words, it's not some fly-by-night operationand lets you see how many times your personal information has been leaked in previous data breaches affecting sites such asMySpaceandLinkedIn.

If your emailaddress has been leaked in a previous data breach, it'sa good idea to change the password to your Bell account too, just in case.If you useda password on your Bell account that's the same as on a website thatpreviously had its users' passwords leak, a determined attacker might be able to use thatinformation to access yourBell account, too which likely contains even more personal information about you than what was actuallyleaked this week.