(Zero Hedge) Security expert Troy Hunt has exposed the largest publication of breached data in history, affecting over 770 million email addresses and 21 million passwords.
by Staff Writer, January 17th, 2019
The new finding, called “Collection #1” by Hunt, consists of 2.6 billion rows and is made up of “many different individual data breaches from literally thousands of different sources.”
New breach: The "Collection #1" credential stuffing list began broadly circulating last week and contains 772,904,991 unique email addresses with plain text passwords (now in Pwned Passwords). 82% of addresses were already in @haveibeenpwned. Read more: https://t.co/BAa3rbgZo4
— Have I Been Pwned (@haveibeenpwned) January 16, 2019
The database, which goes back as far as 2008, is a staggering 87GB in size and comprises 1.1 billion unique combinations of email addresses and passwords – many of which have been “dehashed,” or cracked and converted back to plain text.
This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion. (I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives.)
The unique email addresses totalled 772,904,991. This is the headline you’re seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP). It’s after as much clean-up as I could reasonably do and per the previous paragraph, the source data was presented in a variety of different formats and levels of “cleanliness”. This number makes it the single largest breach ever to be loaded into HIBP. –Troy Hunt
The collection was dumped on anonymous storage site MEGA before it was posted on a popular hacking forum for anyone to access.
Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totalled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialised, complete with the following image: –Troy Hunt
https://twitter.com/Utkarsssh17/status/1085741374840991744
Not only am I on the list, I also received a phishing email telling me one of the throw away passwords I used together with that email. So at least in my case I know who got hacked… and who will _NOT_ be receiving a bitcoin ;D
— Ruben W. (@ruben_we) January 17, 2019
Just received my email. Plain text passwords 😰. I started using @haveibeenpwned and @1Password a while ago because of breaches like this. And so should you. There is @1Password which I recommend, but there are free alt's. Use @haveibeenpwned, you'll see why it's necessary. https://t.co/y2pl7ShWtZ
— Rutger Claes (@rutgerclaes) January 17, 2019
Thanks to the breach, it’s much easier for bad actors to attempt so-called credential-stuffing attacks in which online platforms are spammed with combinations of emails and passwords in order to gain access.
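Seen from the platform being targeted, credential stuffing has a recognisable shape: one source tries many different accounts, usually once each, and most attempts fail. The following detection logic is an added example, not part of the original article or of Hunt's work; the log format, thresholds, IP addresses and account names are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_ACCOUNTS = 10               # assumed: distinct accounts tried by one source
MIN_FAIL_RATIO = 0.8            # assumed: share of attempts that fail

def parse(line):
    """Parse 'ISO-timestamp source-ip account OK|FAIL' (constructed format)."""
    ts, ip, account, outcome = line.split()
    return datetime.fromisoformat(ts), ip, account.lower(), outcome == "OK"

def detect_stuffing(lines):
    """Return {ip: accounts it logged in to} for sources that look like stuffing."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, account, ok = parse(line)
        by_ip[ip].append((ts, account, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink from the left so the window never spans more than WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            win = events[start:end + 1]
            accounts = {a for _, a, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(accounts) >= MIN_ACCOUNTS and fails / len(win) >= MIN_FAIL_RATIO:
                # Any success from a flagged source is a likely account takeover.
                flagged[ip] = sorted({a for _, a, ok in events if ok})
                break
    return flagged

def sample_log():
    """Constructed lines: a stuffing source, a single-account brute force, a real user."""
    t0, lines = datetime(2019, 1, 17, 10), []
    for i in range(12):  # 12 different accounts, one try each, one hit
        outcome = "OK" if i == 7 else "FAIL"
        lines.append(f"{(t0 + timedelta(seconds=5 * i)).isoformat()} 203.0.113.7 user{i}@example.com {outcome}")
    for i in range(15):  # many guesses against one account: not stuffing
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} 192.0.2.9 admin@example.com FAIL")
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):  # user mistyping a password
        lines.append(f"{(t0 + timedelta(seconds=20 * i)).isoformat()} 198.51.100.4 bob@example.com {outcome}")
    return lines

if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

The accounts returned for a flagged source are the ones to force a password reset on, since a successful login there most likely used a reused, already-breached password.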
Fortunately, it doesn’t appear that credit card data or social security numbers were part of the publication.
Hunt recommends running your email through his “Have I Been Pwned” breach-notification service, though that’s entirely up to you since (with all due respect) we don’t know Hunt and while helpful – the site also identifies real people vs. bots.
Read more about “Collection #1” here.
Stillness in the Storm Editor: Why did we post this?
Information security and privacy in the modern internet age is an extremely contentious issue. Prior to the Snowden disclosures, many refused to believe that wide-scale domestic spying on the part of the government was taking place. The preceding article helps dispel the false notion that our personal information is safe and secure and that likely hackers are employed by governments in a clandestine fashion, although that is not explicitly stated above. This is important because when one properly comprehends the import of this truism, their righteous indignation can be stimulated, providing energy for collective action toward more honorable policies and laws. This article highlights the negligence on the part of officialdom to properly protect the people from information thieves—because the government is arguably the biggest offender. With this knowledge in hand, an individual can be more easily persuaded to participate in legal reforms that protect privacy and the inalienable rights of all.
– Justin