Data Breach Leaks 773M Emails, 21M Passwords


The largest public data breach ever has been discovered, according to Gizmodo.

“Collection #1” exposed nearly 773 million unique email addresses and more than 21 million unique passwords, affecting countless individuals. The breach is just one batch of data, with at least six more collected by someone trying to sell the stolen info, which amounts to almost 1 terabyte of stolen information.

It was discovered by Troy Hunt, a security researcher who operates a website called Have I Been Pwned (HIBP). Users of HIBP can enter their email address and see if it’s been compromised. In his blog, Hunt described how he discovered the breach.

“Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87 GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialized,” he wrote.

One of the most troubling aspects of the breach is that it contains “dehashed” passwords. Dehashed means that the hashing used to scramble the passwords into unreadable strings was cracked, leaving the passwords completely exposed.

For the regular person, this means that email and password combos are especially vulnerable to what’s called credential stuffing. This is when leaked combos are tried against other accounts that use the same login credentials. People who use the same email and password combination on many different sites are especially in jeopardy.

The Collection #1 breach has a staggering 2.7 billion combos. To make matters worse, about 140 million emails and 10 million passwords were new to the HIBP database, meaning they’ve never been reported stolen or compromised before.

The key things to do, according to Gizmodo, are to not reuse passwords, enable two-factor authentication and consider getting a password manager.

