Another massive data breach, with this one having passwords in plain text! A brief overview:
- email addresses and passwords totalling 2,692,818,238 rows
- 1,160,253,228 unique combinations of email addresses and passwords
- unique email addresses totalled 772,904,991
- there are 21,222,975 unique passwords
That is the largest so far, with all of these coming from a variety of sources. Are you protected? Contact us today! Want to know if you have been affected? Check out https://haveibeenpwned.com
The full source article for this information can be found below.
Troy Hunt, the site admin of Have I Been Pwned, just released some disconcerting news. A new data breach of humongous proportions has just been made public; we are talking astronomical numbers. He has called this data set “Collection #1”, and it is by far the largest he has ever found. This thing is kind of a “breach of breaches” and contains about 2,000 leaked databases. This monster consists of:
- email addresses and passwords totalling 2,692,818,238 rows
- 1,160,253,228 unique combinations of email addresses and passwords
- unique email addresses totalled 772,904,991
- there are 21,222,975 unique passwords
He said: “There’s no obvious patterns, just maximum exposure. That’s the numbers, let’s move onto where the data has actually come from. Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totalled over 12,000 separate files and more than 87GB of data.”
Troy has loaded all this information into Have I Been Pwned, and there is lots more detail about this new breach over at Troy’s blog. The database seems to have been put together for credential-stuffing attacks, in which hackers rapidly test email and password combinations at a given site or service. This is typically a fully automated process which preys especially on people who reuse passwords across multiple sites on the internet.
How Serious Is This?
WIRED called it: “Pretty darn serious! While it doesn’t appear to include more sensitive information, like credit card or Social Security numbers, Collection #1 is historic for scale alone. A few elements also make it especially unnerving:
- Around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database, meaning they’re not just duplicates from prior megabreaches.
- Then there’s the way in which those passwords are saved in Collection #1. “These are all plain text passwords.”
- And lastly, Hunt also notes that all of these records were sitting not in some dark web backwater, but on one of the most popular cloud storage sites—until it got taken down—and then on a public hacking site. They weren’t even for sale; they were just available for anyone to take.”
Find out if any of your users are exposed in this brand-new humongous data breach.
Likewise, this is a great time to remind everyone to switch to a password manager such as 1Password or LastPass. It won’t solve the problem, but it’ll make protecting yourself and your users just a little easier.
For more information, check out Troy’s original blog post on the subject here: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/