Huge data breach releases 773m records
A huge new trove of email addresses and stolen passwords has been uncovered. Known as ‘Collection #1’, it contains 773 million unique email addresses and 21 million passwords.
The haul appears to be a combination of information obtained from multiple sources, compiled into one database.
The breach was first reported by Troy Hunt, operator of the Have I Been Pwned security site.
Hunt was alerted to the stolen data when other people directed him to a large repository of files on the MEGA cloud service. The files have since been deleted.
In all, there were 12,000 files containing more than 87 GB of email and password data.
According to Hunt, some of the data was obtained in breaches going back to 2015, with a suggestion of one reaching all the way back to 2008.
Hunt also said he has been made aware that there are other ‘Collection’ datasets numbers #2 to #5. Writing about Collection #1 on his blog, he said, “Until this blog post went out, I wasn't even aware there were subsequent collections. I do have those now and I need to make a call on what to do with them after investigating them further.”
You can use the free tools on the Have I Been Pwned website to see if your email address and/or password have been comprised.
According to McAfee’s Ian Yip (Chief Technology Officer, Asia Pacific), “This incident is somewhat unsurprising, given the number of attacks we’ve seen hit Australian businesses, employees and everyday people over the last couple of weeks. Hundreds of millions of people are still at risk of a multitude of vulnerabilities, which can be exploited by sophisticated cybercriminals who are driven by monetary gain.
“With such a high volume of personal data being discovered, nobody can assume they haven’t themselves fallen victim. As an immediate next step, passwords need to be changed.”
“If you have the same password across any account, device or app you need to make every single one unique, strong and never re-use it again. A password manager is a great option if you want to do this quickly.”
Yip added, “This is yet another alarming wake-up call for people who do not place importance on their online privacy, security and data protection.”
Microsoft has admitted that attackers were able to use compromised privilege customer support...
A new penalty regime designed to boost online protection for Australians has been announced by...
Microsoft has extended AccountGuard — its security service for political parties and...