Huge data breach releases 773m records


By Jonathan Nally
Monday, 21 January, 2019

Huge data breach releases 773m records

A huge new trove of email addresses and stolen passwords has been uncovered. Known as ‘Collection #1’, it contains 773 million unique email addresses and 21 million passwords.

The haul appears to be a combination of information obtained from multiple sources, compiled into one database.

The breach was first reported by Troy Hunt, operator of the Have I Been Pwned security site.

Hunt was alerted to the stolen data when other people directed him to a large repository of files on the MEGA cloud service. The files have since been deleted.

In all, there were 12,000 files containing more than 87 GB of email and password data.

According to Hunt, some of the data was obtained in breaches going back to 2015, with a suggestion of one reaching all the way back to 2008.

Hunt also said he has been made aware that there are other ‘Collection’ datasets numbers #2 to #5. Writing about Collection #1 on his blog, he said, “Until this blog post went out, I wasn't even aware there were subsequent collections. I do have those now and I need to make a call on what to do with them after investigating them further.”

You can use the free tools on the Have I Been Pwned website to see if your email address and/or password have been comprised.

According to McAfee’s Ian Yip (Chief Technology Officer, Asia Pacific), “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks. Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.

“With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim. As an immediate next step, passwords need to be changed.”

“If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.”

Yip added, “This is yet another alarming wake-up call for people who do not place importance on their online privacy, security and data protection.”

Image courtesy Have I Been Pwned

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

The problem with passwords is not what you think

When it comes to secure authentication, there seems to be a lesson we're not learning.

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

Content from other channels on our network

Govt funds telco resilience tech, responds to LEOSat report

Extreme enclosure heli-lifted into an extreme environment

Cyber secured at critical network device level has never been more important

Cradlepoint 'Vehicle as a Node' is the Next Frontier for Emergency Services

Govt responds to post-incident review of Optus outage

When does a conductor not conduct?

Purdue-created tech makes 3D microscopes easier to use

Recyclable circuit board turns to jelly for disassembly

Cracking the code on spin currents

The potential of flexible thin-film electronics for chip design

Central Highlands Water chooses Infor for ERP

The benefits and risks of AI usage in the public sector

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd