A massive database of email addresses and passwords was found on a popular hacking forum, Wired reported on Wednesday. The breach was first noticed by Troy Hunt, who runs the site Have I Been Pwned, which tells a person if their email address and password have been hacked.
Hunt, who found the 87 GB database of over 772 million email addresses and 21 million passwords on cloud service Mega last week, said in a blog post that it was made up of “several individual data breaches from thousands of sources”. He called the database Collection #1.
The breaches occurred over different timeframes, Hunt wrote, adding that some files suggested the breaches went back to 2008. “Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows,” he wrote. “It’s made up of many different individual data breaches from literally thousands of different sources.” The unique email addresses totalled 772,904,991, and there were 21,222,975 unique passwords, he added.
Emphasising the need to have unique passwords, Hunt said he found information pertaining to his own accounts in the database. “My own personal data is in there and it’s accurate; right email address and a password I used many years ago,” Hunt said. “If you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.”
Hunt advocated the use of password manager apps to track one’s many unique passwords. “People take lists like these [the breached data] that contain our email addresses and passwords and attempt to see where else they work,” he said.
Online technology website Motherboard said data breaches of this nature were common but “these attacks will just not work” if one used email addresses with unique passwords and two-step verification.
A security expert who spoke to The Guardian said it was likely that most people have faced a data breach in the past decade. “If you’re one of those people who think it won’t happen to you, then it probably already has,” Jake Moore was quoted as saying. “Password-managing applications are now widely accepted and they are much easier to integrate into other platforms than before. They help you generate a completely random password for all your sites and apps.”