The largest collection of breached data in history has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.
The 87GB data dump was discovered by the security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload Collection #1, said it was probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.
But the work to piece together previous breaches has resulted in a huge collection. “In total, there are 1,160,253,228 unique combinations of email addresses and passwords,” Hunt wrote, and “21,222,975 unique passwords”.
While most of the email addresses have appeared in previous breaches shared among hackers, such as the 360m MySpace accounts hacked in 2008or the 164m LinkedIn accounts hacked in 2016, the researcher said “there’s somewhere in the order of 140m email addresses in this breach that HIBP has never seen before”. Those email addresses could come from one large unreported data breach, many smaller ones, or a combination of both.
Security experts said the discovery of Collection #1 underscored the need for consumers to use password managers, such as 1Password or LastPass, to store a random, unique password for every service they use. “It is quite a feat not to have had an email address or other personal information breached over the past decade,” said Jake Moore, a cybersecurity expert at ESET UK.
Source: The Guardian