What just happened? One of the largest collections of leaked user login credentials has appeared. Security researcher Troy Hunt has highlighted “Collection #1,” a set of records made up of 773 million unique email addresses and 21 million unique passwords.
Hunt, who maintains the ‘Have I been pwned’ website that shows if an email appears in a breach, writes that Collection #1 is made up of 2,692,818,238 rows of email addresses and passwords across 12,000 separate files. The 87GB of data had briefly been accessible on cloud service Mega and is now on “a popular hacking forum.”
The data is an aggregation of over 2000 breached databases in which the password hashing has been cracked. Its size makes it the second largest breach after the Yahoo incident that affected 3 billion customers.
"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see."
The biggest risk to arise from leaks like these comes from people reusing the same login credentials across multiple sites, thereby allowing hackers to access their accounts. It’s yet another example of why you should use a password manager such as LastPass.
Now emailing 768,253 individuals who subscribed for notifications and another 39,923 who are monitoring domains...— Troy Hunt (@troyhunt) 16 January 2019
Hunt has added all the emails from Collection #1 to Have I been Pwned, so you can find out if your address appears on this list or any others. You can even safely search for any of your commonly used passwords to see if they’ve also been compromised.
Image credit: Eviart via shutterstock