Data Breach Leaks 773M Emails, 21M Passwords

data-hacker-user-records-Security

The largest public data breach ever has been discovered, according to Gizmodo.

“Collection #1” has seen the exposure of nearly 773 million unique emails and more than 21 million unique passwords, affecting countless individuals. The breach is just one data batch of at least six more, collected by someone trying to sell the stolen info, which amounts to almost 1 terabyte of stolen information.

It was discovered by a man named Troy Hunt, a researcher who works in security and operates a website called Have I Been Pwned (HIBP). Users of HIBP can enter their email into a query and see if it’s been compromised. In his blog, Hunt talked about how he discovered the breach.

“Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87 GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialized,” he wrote.

One of the most troubling aspects of the breach is the fact that it contains “dehashed” passwords. Dehashed means the way passwords were scrambled into unreadable strings was figured out, and the passwords were completely exposed.

For the regular person, this means that email and password combos are especially vulnerable through what’s called credential stuffing. This is when specific combos are used to hack into other accounts using the same login credentials. People who use the same email password combination on many different sites are especially in jeopardy.

The Collection #1 breach has a staggering 2.7 billion combos. To make matters worse, about 140 million emails and 10 million passwords were new to the HIBP database, meaning they’ve never been reported stolen or compromised before.

The key thing to do, according to Gizmodo, is to not reuse passwords, enable what’s called a two-factor authentication and consider getting a password manager.