The largest data breach has been discovered, exposing the emails and passwords of more than 770 million accounts.
A security researcher found the 87GB dump of data hidden on a hacker forum and says many of the accounts have previously been included in other leaks, such as the infamous MySpace and LinkedIn breaches.
Troy Hunt, who runs the Have I Been Pwned breach-notification service, found the leak on cloud-service MEGA and called it ‘Collection #1’.
He said: ‘If you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.’
Users can use the site to see if their email or password has been exposed.
‘In total, there are 1,160,253,228 unique combinations of email addresses and passwords,’ Hunt writes.
He also found there to be 21,222,975 unique passwords exposed in the breach.
Although a significant chunk of the information in ‘Collection #1’ is already known to the world, the researcher believes 140 million previously safe email addresses have been leaked.
An alleged dossier of more than 2,000 websites, believed to be the source of some of the data, was also found.
These include: belgium.trans-escorts.com, www.themusichutch.com, botanyconference.org.
A Bitcoin site called bitcointalk.org is allegedly responsible for more than half a million user leaks.
It remains unknown if they came from one or several different sources.
Jake Moore, cyber security expert at ESET UK, said: ‘There has never been a better time to change your password. It is quite a feat not to have had an email address, or other personal information breached over the last decade.
‘If you’re one of those people who think it won’t happen to you, then it probably already has.
‘Password managing applications are now widely accepted, and they are much easier to integrate into other platforms than before.
‘Plus, they help you generate a completely random password for all of your different sites and apps.
‘And if you’re questioning the security of a password manager, well they are incredibly safer to use than reusing the same three passwords for all your sites.’
Hunt believes the use of such a vast stash of personal data is most likely to be for an illegal technique called credential stuffing.
This seizes on a weakness that a lot of people share, such as reusing passwords or using very slight variations on a central theme.
These habits are often easily avoided by installing a password manager.
Robin Tombs, CEO and Co-Founder of identity manager firm Yoti, said: ‘This latest news of 770 million email addresses and passwords being exposed on a hacking forum shows just how flawed passwords are for protecting our online accounts.
‘Millions of people will now have the worry and stress of whether their details are part of this data collection.
‘With the average person having 191 passwords, convenience often trumps security and many of us reuse the same password across different websites.
‘While using the same easy to remember password makes life easier for individuals managing an ever-growing number of online accounts, it makes it equally simple for hackers to strike.
‘They can use an email address and password obtained from a breach to access an individual’s accounts and valuable personal information.
‘With the development of password managers, help is at hand. They can securely store your login details – eliminating the need to remember all of your passwords.
‘Crucially they can be secured with your unique biometrics rather than a master password – meaning only you can access and use your passwords.’ -DAILY MAIL