Thursday, 17 January 2019

773 Million records have been leaked in the single largest data breach to go public Is yours one

A massive trove of 773 Million records have leaked in one of the biggest single data breaches ever to go public. The leak includes 2.7 billion rows (2,692,818,238 rows to be exact) of emails and passwords made up of many different individual data breaches from thousands of different sources. The hack was first reported by security rexpert Troy Hunt who created and runs Have I Been Pwned?, a free resource for anyone to check if their online security or credentials have been compromised. The massive data breach which hunt has termed ‘Collection #1’ includes 772,904,991 unique email addresses and 21,222,975 unique passwords. This, after Hunt cleaned up the data dump to make sense of it. The data dump first appeared on MEGA cloud service (data has been removed from there since). Hunt reports that the collection totalled over 12,000 separate files and more than 87GB of data.  “One of my contacts pointed me to a popular hacking forum where the data was being socialised, complete with the following image,” Hunt reports, with the image of the Collection #1 data dump (see below). The security researcher says it is the single largest breach ever to be loaded onto Have I Been Pwned. According to him, the severity of this data breach is appalling as 140 million of all the email accounts in the data dump and 10 million unique passwords are new and do not belong to any previous breaches. In fact, Hunt reports that passwords stored in the Collection #1 dump were all plain text passwords, making them easily usable. Have you been pwned? Collection #1 seems to amalgamate over 2,000 leaked databases, hence the data is from a bunch of random websites. This particular data set is made to be used in credential-stuffing attacks wherein username and password pairs are automatically injected into websites to gain access to private user accounts. To check if your credentials were a part of this latest data breach, you can head onto Have I Been Pwned and simply enter your email address to check if you have been compromised. Hunt has loaded all the leaked credentials from the leaked database to Have I Been Pwned, making it easier for all those who were affected to find out. Subsequently, you can also head to the pwned password tool on the website to find out if your password has ever appeared in a lost of breached passwords. Don’t be alarmed if you find out you have been compromised before. The website also has information on previous data breaches like the ones that happened through Zomato, Yatra, Yahoo or any other spambots etc.  In fact, Hunt figured out that his own personal data was part of the Collection #1 breach. “What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago,” Hunt said in his post.

from Latest Technology News http://bit.ly/2TTiPoR

No comments:

Post a Comment