Any unusual activity on your accounts recently? Maybe you should check Have I Been Pwned to see if you were one of those affected by the “monster data leak” – Collection #1.
What is it?
First discovered by Internet security researcher Troy Hunt on 17 January, Collection #1, dubbed the largest collection of breached data, consists of more than 770 million unique email addresses and more than 21 million unique passwords.
Though subsequently removed, the records from the breach were available on a hacker forum as well as on the cloud-based service MEGA. More shockingly, it seems that this data is two to three years old and gathered from multiple sources, and that the seller ‘Sanixer’ apparently has much more recently obtained data to sell.
Why does it concern you?
Breaches have become more and more frequent recently, and in a way we’ve become desensitized to them. The files included in Collection #1 are a bit different, though, not only because of the greater numbers but also because they include login credentials that have been de-hashed. In other words, the threat actors who stole the information were able to convert the hashed passwords into plain text. This makes it a lot easier for attackers to use those credentials to break into various email servers and other online systems.
Is there more?
Authentication security vendor Authlogics claims to have the data from Collections #2, 3, 4, and 5 in its possession and is loading it into its breached password database. This new data dump is speculated to come to roughly 784GB, nine times the size of Collection #1, and could contain over seven billion records in its raw state.
What can you do?
As we said, you should definitely check whether your email addresses have been breached and change all your passwords. Enabling multi-factor authentication wherever it’s available on your accounts will also give you an extra level of protection. Investing in a password manager is also a good alternative if you use easy passwords and constantly jot them down on loose paper.