Data leak exposes 773 million email addresses and 21 million passwords

By SHARMILA NAIR
  • TECH

  • Friday, 18 Jan 2019

Guilty: Vladimir Drinkman, 34, admitted to conspiring to illegally access computers and conspiring to commit wire fraud causing losses of more than US$300mil (RM1.27bil), said US federal prosecutors.

A collection of files containing around 773 million unique email addresses and 21 million unique passwords was leaked on the Mega Cloud service, claims security researcher Troy Hunt.

However, the massive collection has since been removed from the platform. According to Hunt, the data dump he dubs “Collection #1”, includes over 12,000 separate files and is more than 87GB in size.

It contained 772,904,991 email addresses and 21,222,975 passwords, allegedly from many legitimate breaches that Hunt recognises in that list.

He adds that it is also entirely possible that some of them are from services that haven’t actually been involved in a data breach at all.

“It’s made up of many different individual data breaches from literally thousands of different sources,” says Hunt, the founder of Have I Been Pwned service which allows users to check if their accounts have been compromised in data breaches.

Hunt says that his own personal data is in the collection and that it is accurate. “Right email address and a password I used many years ago,” he says.

You can go to Have I Been Pwned and Pwned Passwords to check if your email addresses or passwords are in the lists. If they are, then change your passwords immediately, says Hunt.

“People take lists like these that contain our email addresses and passwords and then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services,” he says.

“Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”

According to Hunt, when hackers have access to huge numbers of login data they would employ bots to access multiple services with the same information, a technique called credential stuffing.

Hunt also adds that websites usually experience a spike in login attempts, some as many as three times, after a massive data breach.

This data leak goes to show that no one should be reusing their old passwords for new services. If you are, now is the time to change that.

Save 30% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 9.73/month

Billed as RM 9.73 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 8.63/month

Billed as RM 103.60 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Smartphone on your kid’s Christmas list? How to know when they’re ready.
A woman's Waymo rolled up with a stunning surprise: A man hiding in the trunk
A safety report card ranks AI company efforts to protect humanity
Bitcoin hoarding company Strategy remains in Nasdaq 100
Opinion: Everyone complains about 'AI slop,' but no one can define it
Google faces $129 million French asset freeze after Russian ruling, documents show
Netflix’s $72 billion Warner Bros deal faces skepticism over YouTube rivalry claim
Pakistan to allow Binance to explore 'tokenisation' of up to $2 billion of assets
Analysis-Musk's Mars mission adds risk to red-hot SpaceX IPO
Analysis-Oracle-Broadcom one-two punch hits AI trade, but investor optimism persists

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.