Home Forbes.com Is Your Email & Password In Latest 2.7 Billion Data Breach Named...

Is Your Email & Password In Latest 2.7 Billion Data Breach Named “Collection #1”?

SHARE
billion
(Image: Troy Hunt)

  Yesterday, it emerged that a set of over 2.7 billion rows of email addresses and passwords had been posted to a hacking forum for anyone to see in a mega-breach dubbed Collection #1.

The breach was revealed by security researcher Troy Hunt, who runs the service allowing users to see if they’ve been hacked called Have I been Pwned. He has now loaded the unique email addresses totalling 772,904,991 onto the site.

The data includes more than a billion unique email and password combinations – which hackers can use over a range of sites to compromise your services. They will do so by utilizing so-called credential stuffing attacks, seeing bots automatically testing millions of email and password combinations on a whole range of website login pages.

The data originally appeared briefly on cloud service MEGA and was later posted to a popular hacking forum. The Collection #1 folder is comprised of more than 12,000 files weighing in at 87 gigabytes.

Most concerningly, the protective hashing of the stolen passwords had been cracked. This means they are easy to use because they are available in plain text rather than being cryptographically hashed as they often are when sites are breached.

Forbes, excerpt posted on SouthFloridaReporter.com, Jan. 17, 2019

SHARE
Forbes Media is a global media, branding and technology company, with a focus on news and information about business, investing, technology, entrepreneurship, leadership and affluent lifestyles.