Data Breach Leaks 773M Emails, 21M Passwords

The largest public data breach ever has been discovered, according to Gizmodo.

“Collection #1” has seen the exposure of nearly 773 million unique emails and more than 21 million unique passwords, affecting countless individuals. The breach is just one data batch, with at least six more, collected by someone trying to sell the stolen info, which amounts to almost 1 terabyte of stolen information.

It was discovered by Troy Hunt, a security researcher who operates a website called Have I Been Pwned (HIBP). Users of HIBP can enter their email address into a query and see if it has been compromised. In his blog, Hunt described how he discovered the breach.

“Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87 GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialized,” he wrote.

One of the most troubling aspects of the breach is the fact that it contains “dehashed” passwords. Dehashed means that the hashing used to scramble the passwords into unreadable strings was cracked, leaving the passwords completely exposed.

For the regular person, this means that email and password combos are especially vulnerable to what’s called credential stuffing. This is when stolen combos are used to break into other accounts that use the same login credentials. People who use the same email and password combination on many different sites are especially in jeopardy.

The Collection #1 breach has a staggering 2.7 billion combos. To make matters worse, about 140 million emails and 10 million passwords were new to the HIBP database, meaning they’ve never been reported stolen or compromised before.

The key things to do, according to Gizmodo, are to not reuse passwords, enable two-factor authentication and consider getting a password manager.
