Technology
The huge ‘Collection #1’ data breach is only a small part of much larger hacker dataset
Image: ambar del moral / mashable
I guess they wouldn’t have numbered it if it was the only one.
On Jan. 16, security research Troy Hunt uploaded a massive cache of leaked emails and passwords to his invaluable website have i been pwned. The 87GB dataset, dubbed “Collection #1,” was admittedly years old, and had been passed around by hackers for some time now. Still, the sheer scale of it — containing over 772 million email addresses — turned heads. Hold onto your digital butts, because as Krebs on Security reports, you ain’t seen nothing yet.
According to Krebs, the Collection #1 data breach is, unsurprisingly, part of a much larger collection of stolen online credentials being sold online. And, taken as a whole, it dwarfs Collection #1’s size.
Just how big are we talking? According to the hacker allegedly selling access to the data who communicated with Krebs over Telegram, the entire data set of email addresses and passwords comes close to 1TB. Brian Krebs, the infosec journalist behind Krebs on Security, tweeted a screenshot purportedly depicting a page listing the data for sale.
The sale of some 773M email addresses and 21M unique passwords on a hacking forum has been dubbed the biggest ever. People are freaking out. But according to the guy selling this, it’s neither new nor the biggest. It’s about 2-3 years old https://t.co/TQxoSwpfSu pic.twitter.com/kpePzoOIqb
— briankrebs (@briankrebs) January 17, 2019
In addition to the 87GB Collection #1, there’s a 526GB Collection #2, a 37GB Collection #3, a 178GB Collection #4, a 42GB Collection #5, and two other folders totaling an additional 126GB worth of credentials.
The seller told Krebs that, in total, they had close to 4TB of so-called password packages. Yeah, that’s a lot. According to the image above, the “Price for access lifetime” is only a cool $45.
So your email, along with one or more passwords to various throwaway online accounts you’ve used and discarded over the years, is likely being traded on the dark web. What does this mean for you?
Well, if you’re smart about your online security, probably not too much immediately. Assuming you use unique passwords for each account online — and you definitely should — any of your passwords contained in the dataset would only gain a hacker access to one specific online service. Like, say, your old Tumblr account. And, if you use two-factor authentication, you’re likely in the clear.
However, all this goes out the window if a hacker gets access to your main email account and can initiate password resets. And if the email account in question just so happens to share a password with your now-defunct Neopets account or whatever? You might legit be in trouble. Consider getting a password manager, and make sure your email has a unique password and 2FA.
And then go about your normal online business, comfortable in the knowledge that your personal data is being sold to hackers for the low, low price of $45.
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
Rabbit R1 hands-on review: Something is iffy about this
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
‘Shōgun’ co-creators break down the finale: ‘It’s a story about death’
Tesla’s new growth plan is centered around mysterious cheaper models
Tesla’s in trouble. Is Elon Musk the problem?
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
How to watch ‘Argylle’: When and where is it streaming?
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
Tesla layoffs hit high performers, some departments slashed, sources say
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
Consumer Financial Protection Bureau fines BloomTech for false claims
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
Rabbit R1 hands-on review: Something is iffy about this
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
‘Shōgun’ co-creators break down the finale: ‘It’s a story about death’
Tesla’s new growth plan is centered around mysterious cheaper models
Tesla’s in trouble. Is Elon Musk the problem?
-
Business7 days agoLangdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
-
Entertainment6 days agoWhat Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
-
Entertainment6 days agoThis nova is on the verge of exploding. You could see it any day now.
-
Business6 days agoIndia’s election overshadowed by the rise of online misinformation
-
Business5 days agoThis camera trades pictures for AI poetry
-
Business6 days agoCesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
-
Business4 days agoTikTok Shop expands its secondhand luxury fashion offering to the UK
-
Business5 days agoBoston Dynamics unveils a new robot, controversy over MKBHD, and layoffs at Tesla
