There are breaches, there are megabreaches, and then there's Equifax. But a newly revealed trove of leaked data tops them all for sheer volume: 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum. The numbers come from Troy Hunt, who runs Have I Been Pwned, a site that lets you check whether your email address or password has been compromised in a breach at some point. (Trick question: it has.) The so-called Collection #1 is the biggest breach in Hunt's menagerie, and it's not even close.
If anything, those numbers understate the actual size of the breach, since they reflect Hunt's efforts to clean up the dataset, accounting for duplicates and stripping out unusable bits. In raw form it comprises 2.7 billion rows of email addresses and passwords, including over a billion unique combinations of email address and password.
The data first showed up on MEGA, the cloud storage service, and later on what Hunt called a "popular hacking forum." It sat in a folder called Collection #1.
"It just looks like a completely random collection of sites, just to increase the number of credentials available to hackers," Hunt told WIRED. "There are no obvious patterns, just maximum exposure."
This kind of Voltron breach has happened before, but never on this scale. In fact, not only is this the biggest breach ever to become public, it's second only to Yahoo's incidents, which affected 1 billion and 3 billion users respectively. Fortunately, the stolen Yahoo data has never surfaced.
Aggregated lists like this appear to be built for so-called credential stuffing attacks, in which hackers throw combinations of email addresses and passwords at a site or service. These are typically automated processes that prey mainly on people who reuse passwords across the internet. Hunt has already loaded the data into Have I Been Pwned. Just type in your email address and keep your fingers crossed. While you're there, you can also find out how many previous breaches you've been a victim of. Whatever password you used on those accounts, change it.
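Because a credential stuffing run tries each leaked email-and-password pair once against many different accounts, the tell-tale sign on the defending side is one source trying many distinct accounts in a short window, not repeated failures on one account. The following is an added example, not code from WIRED, Troy Hunt or Have I Been Pwned; the log line format, the five-minute window and the five-account threshold are assumptions, and the sample log lines are constructed for the demo.

```python
"""Flag credential-stuffing sources in web login logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed log line format: "<ISO timestamp> <client_ip> login <email> <ok|fail>"
LINE_RE = re.compile(r"^(\S+) (\S+) login (\S+) (ok|fail)$")

# Constructed sample: one source cycling through many accounts (stuffing, with one
# hit on a reused password), one user mistyping their own password, one normal login.
SAMPLE_LOG = """\
2019-01-17T10:00:01 198.51.100.7 login alice@example.com fail
2019-01-17T10:00:02 198.51.100.7 login bob@example.com fail
2019-01-17T10:00:03 198.51.100.7 login carol@example.com fail
2019-01-17T10:00:04 198.51.100.7 login dave@example.com ok
2019-01-17T10:00:05 198.51.100.7 login erin@example.com fail
2019-01-17T10:00:06 198.51.100.7 login frank@example.com fail
2019-01-17T10:01:00 203.0.113.9 login grace@example.com fail
2019-01-17T10:01:05 203.0.113.9 login grace@example.com fail
2019-01-17T10:01:12 203.0.113.9 login grace@example.com ok
2019-01-17T10:02:00 192.0.2.44 login heidi@example.com ok
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, email, result) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, email, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, email, result))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: sorted distinct accounts} for sources that tried at least
    `min_accounts` different accounts inside any sliding `window`.

    Per-account lockouts never fire on a stuffing run (each account sees one
    attempt), and the run may even succeed where a password was reused, so the
    signal is distinct accounts per source, successes included.
    """
    by_ip = defaultdict(list)
    for ts, ip, email, _ in sorted(events):
        by_ip[ip].append((ts, email))
    flagged = {}
    for ip, attempts in by_ip.items():
        best, start = set(), 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            accounts = {email for _, email in attempts[start:end + 1]}
            if len(accounts) >= min_accounts and len(accounts) > len(best):
                best = accounts
        if best:
            flagged[ip] = sorted(best)
    return flagged


def accounts_at_risk(events, flagged):
    """Accounts a flagged source logged into successfully: the password is very
    likely reused from a breach and should be reset."""
    return sorted({email for _, ip, email, result in events
                   if ip in flagged and result == "ok"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    hits = find_stuffing_sources(evs)
    for ip, accts in hits.items():
        print(f"{ip}: {len(accts)} distinct accounts tried within the window")
    print("force password reset for:", accounts_at_risk(evs, hits))
```

On the constructed sample only 198.51.100.7 is flagged (six accounts in six seconds); grace's three tries on her own account are ordinary behaviour, and dave's account, where the stuffing run got in, is the one to reset.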
Hunt also introduced a password search feature a year and a half ago; you can simply enter any of the passwords that go with your most sensitive accounts to see if they're out in the wild. If so, change them.
While you're at it, get a password manager.
How serious is this?
Pretty serious! Although it doesn't appear to include more sensitive information such as credit card or Social Security numbers, Collection #1 is historic on scale alone. Several elements make it particularly disturbing. First, about 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt's database, which means they aren't just duplicates of previous megabreaches. Second, these are plaintext passwords. "If we have a Dropbox breach, there may be 68 million unique email addresses in it, but the passwords are cryptographically hashed, making them very difficult to use," says Hunt. By contrast, the only technical skill someone with access to these folders needs to get into your accounts is the ability to scroll and click. And the whole thing sat on one of the most popular cloud storage sites, until it was taken down, and then on a public hacking site. It wasn't even for sale; it was simply there for anyone to take.
The usual advice for protecting yourself applies. Never reuse passwords across multiple sites; doing so multiplies your exposure. Get a password manager. Have I Been Pwned is integrated directly into 1Password, which automatically checks all of your passwords against the database, but you have no shortage of good options. Enable app-based two-factor authentication on as many accounts as possible, so that your password isn't your only line of defense. And if you do find your email address or any of your passwords in there, know that you're in good company.
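A password manager can check your passwords against a breach database without ever sending the passwords themselves. Have I Been Pwned's Pwned Passwords service publishes SHA-1 hashes of breached passwords and answers range queries on only the first five hex characters of a hash, so the server learns a prefix shared by many hashes and nothing more. The block below is an added example, not code from WIRED, Troy Hunt or 1Password, that reproduces that range-query idea offline: the breached passwords and their counts are constructed for the demo, and the split into a "server" index and a "client" check is an assumption about how such a check is structured.

```python
"""Offline breached-password check using hashed prefix ranges (added example)."""
import hashlib
from collections import defaultdict

# Constructed corpus of plaintext passwords with made-up occurrence counts, standing
# in for a leaked file like Collection #1. The index built from it stores only hashes.
LEAKED_PLAINTEXT = {
    "password": 3000000,
    "123456": 20000000,
    "qwerty": 4000000,
    "letmein": 1234,
}

PREFIX_LEN = 5  # range queries use the first 5 hex characters of the SHA-1 hash


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the form the range index is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: index each breached password by hash prefix, keeping only the
    35-character hash suffix and a count, so no plaintext survives indexing."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
    return index


def range_query(index, prefix):
    """Server side: return every (suffix, count) under a prefix. The server sees
    the prefix only and cannot tell which of the suffixes the client holds."""
    return dict(index.get(prefix.upper(), {}))


def pwned_count(index, password):
    """Client side: hash locally, send only the prefix, and match the suffix
    locally. Returns how often the password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return range_query(index, prefix).get(suffix, 0)


def index_holds_plaintext(index, corpus):
    """Sanity check: confirm none of the corpus passwords appear in the index keys."""
    stored = {p + s for p, suffixes in index.items() for s in suffixes}
    return any(pw in stored or pw.upper() in stored for pw in corpus)


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PLAINTEXT)
    for candidate in ("password", "letmein", "correct horse battery staple"):
        print(f"{candidate!r}: seen {pwned_count(idx, candidate)} times")
```

The client never transmits the password or its full hash; it only needs the prefix range, and a password that is not in the corpus simply finds no matching suffix. In a real manager the corpus would be the full Pwned Passwords dataset rather than the four constructed entries here.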