World's largest hacked credential database leaked

Telstra is urging Australians to change their online passwords after a massive, searchable database of 1.4 billion stolen usernames and passwords was leaked to the public internet.

The trove of unencrypted passwords was compiled using data obtained from over 250 high-profile data breaches of private domains.

The 41 GB database, which was discovered by security researchers 4iQ, is the largest known collection compiled by cybercriminals.

According to 4iQ, 14% of the passwords included were previously unpublished in a decrypted form and 318 million user accounts had been previously unpublished.

In a blog post, Telstra security special projects specialist Darren Pauli warned that email accounts are the most at risk of compromise as a result of the leak, but criminals can and do test email addresses and passwords against a variety of popular websites in case victims have re-used their password.

He said an easy way to shore up defences against such breaches is to maintain unique and complex passwords via the use of a password manager tool.

“We also advise that you do not register for personal online accounts using your work email address. This is because criminals will likely attempt to use your work email address and exposed password to break into your work accounts,” he said.

None of the data breaches used to source the database of login credentials involved any domains associated with Telstra networks, assets or services, Pauli added.

Follow us and share on Twitter and Facebook