2019's First Major Data Breach Consists of 773 Million Email Addresses
NEWS

2019’s First Major Data Breach Consists of Nearly 773 Million Email Addresses

2019 already has its first major data leak which consists of approximately 773 million unique email IDs and 21 million unique passwords, as reported by Troy Hunt:

Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totalled over 12,000 separate files and more than 87GB of data.

Collection #1 Data Breach Explained

Apparently, one of Hunt’s contacts pointed him to a popular hacking forum where the data was being “socialized”. On an image associated with the data there was a root folder named “Collection #1”, and so the researcher decided to name the breach this way. It appears that the data comes from multiple sources, and is perhaps “a collection of 2000+ dehashed databases and combos stored by topic”, as explained on a forum post where the breach was “advertised”.




However, the origin of the data hasn’t been verified yet:

I’ve written before about what’s involved in verifying data breaches and it’s often a non-trivial exercise. Whilst there are many legitimate breaches that I recognise in that list, that’s the extent of my verification efforts and it’s entirely possible that some of them refer to services that haven’t actually been involved in a data breach at all.

Related:
Data that belongs to more than 66 million users has been found on a website which was completely accessible to everyone. The records seemed to appear as if they were scraped from profiles in LinkedIn. The data may also include...Read more
MongoDB Leak Exposes 66 Million Users

It’s noteworthy that Troy Hunt’s own data is included in that breach list, and it appears to be accurate, consisting of an email address and a password he used many years ago. These passwords were stored as cryptographic hashes in the source data breaches, he said, wherewas the data contains dehashed passwords. “In short, if you’re in this breach, one or more passwords you’ve previously used are floating around for others to see,” Hunt added.

“As of now, all 21,222,975 passwords from Collection #1 have been added to Pwned Passwords bringing the total number of unique values in the list to 551,509,767”, the researcher pointed out in his blog post. It is definitely a good idea to check your email addresses via the Have I Been Pwned? website to make sure they have (or haven’t) been “pwned”. This breach is also a good reminder that it is a bad idea to recycle the same (or similar) passwords over and over again.

Hunt’s recommendation is to protect your accounts using 1Password (or a similar service), then enable 2FA (two-factor authentication), and finally subscribe to notifications for data breaches. Changing your unique passwords from time to time is also recommended.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...