Yesterday, it emerged that a set of over 2.7 billion rows of email addresses and passwords had been posted to a hacking forum for anyone to see in a mega-breach dubbed Collection #1.
The breach was revealed by security researcher Troy Hunt, who runs the service allowing users to see if they’ve been hacked called Have I been Pwned. He has now loaded the unique email addresses totalling 772,904,991 onto the site.
The data includes more than a billion unique email and password combinations – which hackers can use over a range of sites to compromise your services. They will do so by utilizing so-called credential stuffing attacks, seeing bots automatically testing millions of email and password combinations on a whole range of website login pages.
The data originally appeared briefly on cloud service MEGA and was later posted to a popular hacking forum. The Collection #1 folder is comprised of more than 12,000 files weighing in at 87 gigabytes.
Most concerningly, the protective hashing of the stolen passwords had been cracked. This means they are easy to use because they are available in plain text rather than being cryptographically hashed as they often are when sites are breached.
Disclaimer
The information contained in South Florida Reporter is for general information purposes only.
The South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service.
In no event shall the South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice.
The Company does not warrant that the Service is free of viruses or other harmful components
