Creator and operator of Have I Been Pwned, Troy Hunt, has this week revealed the existence of a massive data breach he is calling Collection #1.
Collection #1 is a set of email addresses and passwords occupying over 2 billion rows that contain data from a number of different breaches from “thousands of sources”.
“In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion,” Hunt wrote on his blog.
The Collection #1 was discovered by Hunt after folks pointed him to a collection of files on MEGA. The collection housed 12 000 files and came in at a hefty 87GB.
According to evidence seen by Hunt (which he has included in his blog) this collection of breaches was being socialised on a popular hacking forum.
The data appears to be a compilation of breaches from various sources but verifying that each breach is legitimate will be an ongoing process.
So what does this mean for you at home?
Well, given the size of Collection #1 you might be at risk. There is an easy way to check though. Head over to Troy Hunt’s website Have I Been Pwned and key in your email address.
Should your email address appear in a breach you will be notified immediately and you can then take action to protect yourself. The best course of action is to update your passwords and not recycle passwords.
Keying your information into Have I Been Pwned is safe but if you’re hesitant check out the privacy statement.
If remembering multiple passwords seems like chore we recommend using a password manager and securing it with a strong password.
[Image – CC 0 Pixabay]