Technology
Nearly 22 million unique passwords leaked in ‘Collection #1’ data breach
It’s time to change your password again.
More than 87GB of passwords and email addresses have been leaked and distributed in a folder dubbed “Collection #1” by hackers in a significant data breach.
As detailed by security researcher Troy Hunt, the trove of nearly 22 million unique passwords and more than 772 million email addresses was hosted on cloud storage service MEGA.
The link to the dump was posted on a hacking forum, but has been since taken down from the service.
New breach: The “Collection #1” credential stuffing list began broadly circulating last week and contains 772,904,991 unique email addresses with plain text passwords (now in Pwned Passwords). 82% of addresses were already in @haveibeenpwned. Read more: https://t.co/BAa3rbgZo4
— Have I Been Pwned (@haveibeenpwned) January 16, 2019
Hunt explains the cache of emails and passwords were built up from numerous data breaches from allegedly thousands of sources, dating all the way back to 2008.
He came across the collection of files after he was alerted by “multiple people” last week, and discovered the breach even includes an email address and password he used years ago.
“Like many of you reading this, I’ve been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public,” he wrote.
“Fortunately, only passwords that are no longer in use, but I still feel the same sense of dismay that many people reading this will when I see them pop up again.”
Hunt has loaded the email addresses and passwords into his site, haveibeenpwned, which allows people to be notified when their email has been tangled in a breach, or check if a password has been exposed and is thus unsuitable for use.
After you’re done checking whether if your email address or password has been compromised, it’s worth looking into a password manager, or even an analog one like a notebook, where you can store difficult to remember passwords in.
“It might be contrary to traditional thinking, but writing unique passwords down in a book and keeping them inside your physically locked house is a damn sight better than reusing the same one all over the web,” he added.
-
Business6 days ago
API startup Noname Security nears $500M deal to sell itself to Akamai
-
Business6 days ago
US think tank Heritage Foundation hit by cyberattack
-
Entertainment5 days ago
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
-
Entertainment6 days ago
How to watch ‘Argylle’: When and where is it streaming?
-
Business5 days ago
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
-
Business4 days ago
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
-
Entertainment4 days ago
‘The Sympathizer’ review: Park Chan-wook’s Vietnam War spy thriller is TV magic
-
Entertainment3 days ago
Lenovo LOQ 15 (2024) review: A cheap gaming laptop, but can it run AAA games?