It is only the third week of January and we’ve already experienced an enormous hack. Security expert Troy Hunt reported today that a huge data leak of 773 million unique email IDs and 21 million unique passwords. Troy refers to the leak as “Collection #1.”
According to Hunt, many people reached out to him last week and notified him about 12,000 files that totaled 87 GB of data and almost 2.7 billion records. The files were hosted on the Auckland-based cloud storage and file hosting service MEGA.
Hunt wrote that Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows. The most worrying part about the leaks is that the data came from more than a thousand different sources and all of the hacks occurred at different timeframes.
The oldest hacked file was from 2008.
“In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion.”
The number of unique email addresses that were hacked totaled 772,904,991. This is the figure that is being used by the press and is inferred from the volume of data that was loaded onto the website Have I Been Pwned (HIBP).
This is the single largest breach ever to be loaded onto HIBP, according to Hunt. HIPB is a database where people can enter their email address to check if they have ever been hacked.
If your email ID wasn’t found in the system, that means it hasn’t been affected by any known hack or leak. In case your email was affected, it is highly recommended that you immediately change your password. The website also provides password search functionality. This will help users check to see if any of the data breaches contained a specific password that they had used.
There were a total of 21,222,975 unique passwords revealed in the new data.
Hunt also recommended that people use a password manager. This software will manage a user’s passwords so they do not need to type in complicated, but more secure, passwords. Hunt further advised that users employ strong, unique passwords for every account, and not rely on the same password for all their accounts. He also recommended people use two-factor authentication whenever possible.
This is the biggest hack since Yahoo’s catastrophic data breach in 2013. The Yahoo breach left the data of some 3 billion users exposed. The true figures only came to light when Verizon bought out Yahoo in 2017. Yahoo earlier had said only 1 billion users had been affected.
Now that it looks as though you’re likely to be the victim of one of these breaches and the information is online, the best thing you can do is check the website. Or simply go in and change your passwords for all of your accounts on a regular basis.