Largest Breach Ever – Exposes 773 Million Emails, 21 Million Passwords


TechViews News

It seems that almost weekly we hear of another data breach. So much so that we tend to simply accept it as a regular, normal part of life these days. But this one should make you sit up and pay attention.

The newly discovered “Collection #1” is the largest public data breach by volume, with 772,904,991 unique emails and 21,222,975 unique passwords exposed.

The breach was first reported by Troy Hunt, the security researcher who runs the site Have I Been Pwned (HIBP), where you can check if your email has been compromised in a data breach. In his report, Hunt says a large collection of 12,000 separate files totaling 87GB of data had been uploaded to MEGA, a popular cloud service.

The data was then cross-posted to a popular hacking forum and appears to come from a combination of over 2,000 databases. The troubling thing is that the databases contain “dehashed” passwords, which means the methods used to scramble those passwords into unreadable strings have been cracked, fully exposing the passwords.

So what does this mean for the average person? According to Hunt, it means compromised email and password combos are more vulnerable to a practice called credential stuffing.

Basically, credential stuffing is when breached username or email/password combos are used to hack into other user accounts. This could impact anyone who has used the same username and password combo across multiple sites.

This is concerning as the Collection #1 breach contains almost 2.7 billion combos. Plus, around 140 million emails and 10 million passwords from Collection #1 were new to Hunt’s HIBP database—meaning they’re not from previously reported megabreaches.

If you’re curious whether your emails and passwords are part of the Collection #1 breach, you can check at HIBP. You can also manually search to see which of your passwords have been exposed. I checked, and yes, two of my personal accounts were part of the Collection #1 breach, along with several no-longer-in-use accounts. Needless to say, if you can find your password in the HIBP database, you should change it immediately.

The takeaways from the Collection #1 breach, however, are the same good security practices as always. Don’t reuse passwords, enable two-factor authentication, and if you’ve been waiting to get a password manager, now is the time to bite the bullet.

Remember too that the same computer processing power that’s being used to recognize your voice, collect and sell your personal Facebook data, and serve up useful Netflix recommendations is also being used to generate passwords for hacking attacks.

And if all of that isn’t bad enough, it gets worse. Security reporter Brian Krebs reports that the Collection #1 trove is just a single offering from a seller who claims to have at least six more batches of data. Including the Collection #1 data, Krebs writes, this person is selling “almost 1 Terabyte of stolen and hacked passwords.”

Be Safe – Backup Your Data Regularly!
