We are barely half a month into 2019, and it seems we have already run into one of the biggest data leaks ever. Reported by renowned security researcher Troy Hunt, the leak comprises as many as 773 million email addresses and 21 million passwords. As he has done in the past, he has loaded all the leaked email addresses and passwords into a website database so that people can find out whether their credentials have been leaked. The data is part of what he calls Collection #1, which was assembled from many different data breaches and sources.
According to Hunt, a lot of people reached out to him on Twitter last week and pointed him towards a large collection of files hosted on the cloud storage service Mega. The collection was roughly 87GB in size and comprised close to 12,000 files. Interestingly, he says that even his own data, with the correct email address and a password he used many years ago, was listed in those files. The files have since been removed and are no longer hosted on Mega.
The website, ‘Have I Been Pwned’, which we have covered in the past as well, was created by Hunt with an integrated database of email addresses and passwords so that users can find out whether their credentials have been leaked. Users can go to this website and type their email address into the search box, after which the website looks up the address in its database. If a match is found, it shows “Oh no – pwned!”. In that case, you need to change your password immediately, before anyone else gets hold of your account. If instead the website shows “Good news – no pwnage found!”, you are safe and good to go (for now at least).
In the same way as you checked your email address, you can also check whether your password has been pwned. To do so, go to this website and enter your password. The website will search for the password you entered in its database and tell you whether it has been pwned. If it has, you should change it as soon as possible.
This appears to be the biggest breach after the Yahoo data breach of 2013, which affected almost a billion accounts.
UPDATE: As of today, February 1, a new report has emerged stating that as much as 845GB of data, including 2.2 billion unique records of usernames and passwords, has been leaked. The new data belongs to a further set of collections, classified as Collection #2-5. The revelation comes from different researchers who analyzed various databases, and it includes as much as three times the data of Collection #1. With the addition of these records, security researchers have concluded that the total number of records, after taking duplicates into account, comes to around 25 billion.
What’s more disturbing is that the leaked data is being sold on the black market and has already been downloaded over a thousand times on some torrent sites. Notably, much of this leaked information comes, in one form or another, from previous data breaches.
You can read the full report here.