Troy Hunt, who runs Have I Been Pwned (HIBP), a website where users can check if their email addresses were compromised, revealed that almost 773 million unique email addresses and about 22 million unique passwords were compromised in what he now dubs the “Collection 1” dump.
The data is hosted on the cloud service MEGA.
In his blog post, Hunt detailed the enormous amount of data that was compromised. From the total of 1,160,253,228 unique combinations of email addresses and passwords, which may also include junk, 772,904,991 email addresses were exposed. Hunt said that “the number makes it the single largest breach ever to be loaded into HIBP.”
The unique passwords number 21,222,975.
These findings come from different sources as many users check if their email addresses, and even websites, were compromised or hacked.
Hunt said that “multiple people” notified him by directing him to “a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87GB of data.”
One of his sources led him to a popular hacking forum where data are “socialized.” He explained that one post in the forum “referenced ‘a collection of 2000+ dehashed databases and Combos stored by topic’ and provided a directory listing of 2,890 of the files which I’ve reproduced here.”
He noted that he recognized legitimate data breaches during his verification process and explained that “It’s entirely possible that some of them refer to services that haven’t actually been involved in a data breach at all.”
Hunt also shared that his own email address is in the compromised data.
In constantly checking a number of email addresses of family and close friends in the past, this writer found out that Yahoo! email addresses are more prone to being compromised than Gmail.
Back End News has written about protecting emails and data by using various security models and services. Choose which one suits your needs best. As for checking if your email address was compromised, go to: https://haveibeenpwned.com/. Scroll down a little further to see where and how your email was compromised.