We're trying something new: a book club! Because why choose a summer beach read about unrequited love in the Hamptons when you can read about massive company data breaches instead?

Why it matters: Every Codebook reader is here to learn more about the ways hackers, governments, companies and regular people respond to online threats.

• Some of you are the most influential folks in your fields. Others are just trying to learn more about how companies are (or aren't) protecting your personal information.
• Fostering this community takes a lot of introspection and thought — and a book club feels like a natural next step in our goal to educate the masses about the wild and wacky world of cybersecurity.

Flashback: Long-time readers might remember the one time I joked about starting a cybersecurity-themed book club when we relaunched this newsletter nearly two years ago.

• I certainly didn't forget: I got dozens of emails demanding we actually do this — and now we are.

How it works: Each month, we'll pick a book tied to the cybersecurity ecosystem to read together.

• The pick could be about anything that tangentially touches cybersecurity, including books about the ransomware ecosystem, national security issues, or broader tech topics that influence online security (I'm looking at you, artificial intelligence).
• The book of the month also doesn't have to be a new release. We're open to anything from the cybersecurity canon, so to speak.
• At the end of the month, I'm aiming to interview the authors about some of the larger themes in the materials.

Yes, but: We're open to suggestions on how best to foster a discussion among each other about the books we read together.

• Our team is entertaining the idea of standing up a Discord channel, hosting live audio calls to talk among each other, and more.

Reality check: Part of the reason I'm excited to do this is to hold myself accountable to read the books top experts are releasing throughout the year.

• Admittedly, as someone on the move all the time, it's been difficult to find time to sit down and read (I'm sure many of you can relate).
• If you have tips for how to fold reading into your daily schedule, I'm listening.

🎶 Don't worry, audiobook listeners are welcome here too.

What's next: Stay tuned for our book club pick coming later this month.

• 💡 If you have ideas for which book to kick off with, respond to this email.

It's time to do that online security checkup you've been putting off.

Why it matters: Leaked passwords and weak multifactor authentication (MFA) remain some of the top ways that hackers break into accounts.

The big picture: Hackers have stolen at least 1 billion records so far in 2024, TechCrunch reported this week.

Between the lines: Practicing good cyber hygiene can feel a lot like going to the dentist. Many of us love to put it off until "later" and only snap into gear once a cavity forms.

Here are three steps you can do right now to better protect your online identity.

1. Run a search of which email addresses have been impacted in data breaches.

• Websites like Have I Been Pwned? will search leaked databases of stolen data on the dark web to see if any accounts tied to your email are in there. If they are, it's a pretty safe bet that your password was compromised too.

2. Download and start using a password manager.

• Password managers, like 1Password and LastPass, will store and create complex passwords for your online accounts for you. Many have even started creating and storing passkeys.
• Using one of these will also ensure that you're no longer repeating passwords across online accounts and will limit the scope of the damage if (or when) one account is hacked.
• Before you pick a password manager, do some research on how it's protecting users' information, including its master passwords. Wired and Wirecutter have good resources for the nontechnical readers out there.
• With the release of iOS 18 in September, Apple will debut its own password manager app called Passwords. We haven't been able to test it yet.

3. Turn on MFA for all online accounts possible.

• Better yet, make sure those MFA codes are stored in a specific app, rather than texted to a mobile phone. This will help if you're ever SIM-swapped.
• Yes, but: Not all websites support MFA yet — which is a bit difficult to stomach in the year 2024, but it's true.

The bottom line: Taking five minutes to do some basic cyber hygiene can go a long way to keep hackers from stealing sensitive personal details.

@ D.C.

🤝 The U.S. is lending its support to help France prepare for cyber threats tied to the 2024 Olympics. (Politico)

🏛 An inside look at the U.S. State Department's course to train diplomats on cybersecurity, privacy and other tech policy issues. (Wired)

💪🏻 An international coalition of law enforcement agencies has removed hundreds of installations of tainted Cobalt Strike software. (The Record)

@ Industry

🤖 Cloudflare has launched a free tool to prevent bots from scraping websites for data to train AI models. (TechCrunch)

📑 Proton, maker of a popular encrypted email service, has launched a privacy-centric alternative to Google Docs. (The Verge)

🚗 CDK Global says "substantially all" of the car dealers affected by a recent series of cyberattacks are back online now. (Bloomberg)

@ Hackers and hacks

⚠️ A hacker stole details about the design of OpenAI's technologies and some internal company discussions during an attack early last year. (New York Times)

🤨 Evolve Bank has served a newsletter writer with a cease-and-desist letter over his coverage of the fallout from a recent data breach at the company. (TechCrunch)

👀 Security researchers have uncovered a way to use infostealer malware to identify people sharing child sexual abuse materials online. (The Record)

Axios has a new addition to our newsletter lineup starting next week.

• 🪖 The Future of Defense, hosted by my colleague Colin Demarest, will cover the trends transforming warfare, from drones to AI and more. (And yes, that includes cyber warfare!)
• Sign up here — and join the Axios team in D.C. for the kickoff event Thursday.