The largest set of breached data has been found, comprising over 77 crore email addresses and passwords posted to a popular hacking forum in December last year. Security researcher and administrator of 'Have I Been Pwned', Troy Hunt, discovered the 87GB data dump and called it 'Collection #1'. Hunt said that the collection was "made up of many different individual data breaches from literally thousands of different sources". He added that the data does not come from a single hack of one large service but from multiple sources.
Collection #1 was uploaded to cloud service MEGA. It has a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are over 116 crore unique combinations of email addresses and passwords. Here, the passwords were treated as case sensitive but not the email addresses. The unique email addresses that have been compromised are over 77.2 crore and there are over 21 crore unique passwords that have also been compromised.
Is this a serious breach?
Collection #1 had several million unique email addresses and passwords. These were not the replacements from the previous megabreaches. Plus, the passwords were stored in plain text, making them easy to use. They were not hashed, so no technical knowledge was needed to crack them. Lastly, Hunt noted that these collections were freely available and were not for sale. They were publicly available on a cloud storage site and not in some hush-hush corner of the web.
Are you affected?
Troy Hunt runs the security site 'Have I Been Pwned', which can tell you whether your email address has been compromised. Just type in your email address and pray! The site also lists all the previous breaches related to that email address. To be safe, change the passwords of those accounts. The site also has a password search feature, which lets you know whether your password is out in the open and compromised. If it is, change it promptly.
What can you do?
First and foremost, change all your passwords if your email address is affected. Also, never reuse passwords on multiple sites, as it increases your exposure to such breaches. Make sure you have enabled two-factor authentication so that your password isn't your only line of defence against hackers. Lastly, invest in a good password manager. 1Password or LastPass are two good options. Password managers allow you to create unique, strong passwords for individual sites and accounts.
(Edited By: Udit Verma)