Over the past year, we’ve grown accustomed to hacks and data breaches on the internet. Now we’re less than a month into 2019, and we’ve already been hit with a devastating data breach. Some people are even calling it the largest collection of breached data (by volume) in history. The data breach named “Collection #1” by Troy Hunt, the scientist who discovered the breach, writes on his blog detailing the breach. In this blog, he mentions that 772,904,991 unique emails and 21,222,975 unique passwords have been exposed.
Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It’s made up of many different individual data breaches from literally thousands of different sources.
Troy writes “Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialized,”
The troubling thing is the databases contain “dehashed” passwords, which means the methods used to scramble those passwords into unreadable strings has been cracked, fully exposing the passwordsVictoria Song, Gizmodo
Have you been pawned?
In the blog, Troy also mentions a way for us to check if our emails or passwords have been hacked or not. The blog directs to a website:
‘;–have I been pwned? (HIBP) where users can check the threat to their accounts simply by entering their email or password in a dialogue box. If it shows “Good news — no pwnage found!” you’re good. But if it shows “Oh no – pwned!” that means your account has been breached and you need to change your passwords. The website also provides a free notification service where you can enter your email ID and you’ll be notified in the future if your email ever gets pawned. “However, what I can say is that my own personal data is in there and it’s accurate; right email address and a password I used many years ago. Like many of you reading this, I’ve been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public,” Troy writes about how his own data has also been breached.
Is it really that bad?
While all leading news publications sounded considerably alarmed, Motherboard (Vice) reported that the breach may not be as frightening as others have claimed. Gizmodo called it the “mother of all breaches.” Wired said it’s a “monster breach.”The Daily Mail went with “Biggest EVER collection of breached data.” Mashable advised readers to change their password—again. However, Motherboard said that as long as you have a two-factor authentication and use a password manager app, you have no reason to freak out.