We have had so many data breaches from a variety of different services and companies, but this one has to be the largest since 2013. A huge data breach has resulted in 773 million email addresses and 21 million unique passwords being leaked. It’s being referred to as “Collection #1.”
The Data Breach
Security researcher Troy Hunt reports that multiple people got in contact with him last week to show him “a constellation of 12,000 files with a total size of 87GB and nearly 2l7 billion records hosted on MEGA.”
The files have been removed from the hosting platform, but they are still on a popular hacking forum that was not named. The forum post described the source of data as “a collection of 2000+ dehashed databases and Combos (combinations of email addresses and passwords) stored by topic.”
The last known data leak of this capacity was Yahoo’s 2013 leak that hit nearly three billion accounts. The good news of both leaks is that there are no credit card details or other sensitive information in the leaked data. It’s just emails and passwords, but, of course, with that data, someone can hack you individually and access whatever you have stored in your email data.
Were You Hit?
Thankfully, Hunt has made it easy to check if your information was among the leaked data in Collection #1. He has integrated the database into his website, Have I Been Pwned, which is a larger database allowing you to search emails addresses for past leaks.
Just visit Hunt’s site and enter your email address at the prompt. You will get one of the above messages showing whether your email was hacked. If your email is connected to a data leak, it will show you below when and where you were subject to a breach.
The site also contains a password search to check if any of the data breaches contained a password that you use.
I have not checked passwords yet, but I did check all my emails. Two were not affected. One was a few times, but they are older breaches, and I have reset my password since on multiple occasions. The other was affected multiple times, including in Collection #1, so I need to change my password. Luckily, though, it is an email that I mostly just receive junk mail on.
This is definitely a scary prospect, that there was such a large number of emails that were subject to the data breach, that there’s a likelihood that you were included.
It’s imperative that you go to the above-mentioned site and check to see if you were affected. If you were affected, let us know below the steps you took to protect yourself in the future.