tech2 News StaffJan 18, 2019 09:23:58 IST
The latest data breach has exposed 772,904,991 unique email addresses and more than 21 million unique passwords.
Second only to Yahoo's hack that affected as many as 3 billion users, this data breach called 'Collection #1' was first discovered by researcher TroyHunt, who maintains the website Have I Been Pwned, a way to check whether your own email or password has been compromised by a breach at any point.
On the website, Troy writes that "Collection #1 is a set of email addresses and passwords totaling up to 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources."
This means that the data breach is an aggregation of 2,000 leaked databases and does not come from a single source. According to a report by Wired, Hunt revealed that the databases have been stolen from a random collection of sites, purely meant to maximize the number of credentials that are available to hackers.
Further, Troy says that in reality, there are 1,160,253,228 unique combinations of email addresses and passwords that were found in the database, however unique email addresses totalled to 772,904,991. Basically, the source data was presented in a variety of different formats, which included some "junk". After cleaning out all that, he has loaded 772,904,991 to Have I Been Pwned. The Collection #1 folder is comprises of more than 12,000 files weighing in at 87 gigabytes.
The data also appeared briefly on popular cloud hosting site MEGA before being taken down, then posted on a public hacking site.
How to check if you have been affected by the data breach
If you already use the Have I been Pwned site, then you should have received a notification. If you aren’t already a member, you need to visit Have I Been Pwned now. Once on the site, you simply need to type in your email address and search, then scroll down to the bottom of the page. The site will let you know if your email address is affected by this breach.
From there, you can head over to the "Passwords" tab on the top of the website and type in any passwords you can remember, especially those that you use across different sites. If it's been "seen," it's time to change the password on sites where you use it, and stop using that password altogether.