Data leak exposes 773 million email addresses and 21 million passwords

By SHARMILA NAIR
  • TECH

  • Friday, 18 Jan 2019

Guilty: Vladimir Drinkman, 34, admitted to conspiring to illegally access computers and conspiring to commit wire fraud causing losses of more than US$300mil (RM1.27bil), said US federal prosecutors.

A collection of files containing around 773 million unique email addresses and 21 million unique passwords was leaked on the Mega Cloud service, claims security researcher Troy Hunt.

However, the massive collection has since been removed from the platform. According to Hunt, the data dump he dubs “Collection #1”, includes over 12,000 separate files and is more than 87GB in size.

It contained 772,904,991 email addresses and 21,222,975 passwords, allegedly from many legitimate breaches that Hunt recognises in that list.

He adds that it is also entirely possible that some of them are from services that haven’t actually been involved in a data breach at all.

“It’s made up of many different individual data breaches from literally thousands of different sources,” says Hunt, the founder of Have I Been Pwned service which allows users to check if their accounts have been compromised in data breaches.

Hunt says that his own personal data is in the collection and that it is accurate. “Right email address and a password I used many years ago,” he says.

You can go to Have I Been Pwned and Pwned Passwords to check if your email addresses or passwords are in the lists. If they are, then change your passwords immediately, says Hunt.

“People take lists like these that contain our email addresses and passwords and then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services,” he says.

“Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”

According to Hunt, when hackers have access to huge numbers of login data they would employ bots to access multiple services with the same information, a technique called credential stuffing.

Hunt also adds that websites usually experience a spike in login attempts, some as many as three times, after a massive data breach.

This data leak goes to show that no one should be reusing their old passwords for new services. If you are, now is the time to change that.

The Star Christmas Special Promo: Save 35% OFF Yearly. T&C applies.

Monthly Plan

RM 13.90/month

Best Value

Annual Plan

RM 12.33/month

RM 8.02/month

Billed as RM 96.20 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Roblox gaming platform says it is ready to make changes to get Russian ban lifted
Oracle's $10 billion Michigan data center in limbo after Blue Owl funding talks stall, FT reports
Coursera to buy Udemy, creating $2.5 billion firm to target AI training
Factbox-By the numbers: How the Netflix and Paramount bids for Warner Bros stack up
Warner Bros Discovery board rejects rival bid from Paramount
Analysis-Qatar bets on cheap power to catch up in Gulf AI race
Analysis-Crypto investors show caution, shift to new strategies after crash
OpenAI’s ChatGPT updated to�make images better and faster
With freebies, OpenAI, Google vie for Indian users and training data
Does China have a robot bubble?

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.