Data breaches are becoming increasingly more common, but the most reach breach of 1,160,253,228 unique passwords and email addresses have been attributed to a breach that’s being called “Collection #1.”
The collective list of 773 million email addresses from several sources, published to the cloud storage service MEGA, was reported by Troy Hunt, the owner of the HaveIBeenPwned website, which indexes hacked information. The number of email addresses makes it the largest breach ever uploaded to Hunt’s site, he said. But there’s also 21,222,975 unique passwords released within the breach, stored in plain text for the world to see.
What’s not exactly clear is whether the breach stored an email address that’s actually associated with the password it used. (It certainly appears so, however, as Hunt refers to the list storing 2.7 billion combinations of usernames and passwords.)
But that’s not really the point: Hunt’s database allows you to check your email address to see if it’s turned up in the latest hack. More importantly, you can also check your password; if both turned up in the breach, you have to assume that someone out there has access to your email. (Some online services, like Google, also allow you to store third-party website passwords within the service. In that case, knowing your master Gmail password will give an attacker access to those, too.)
What’s especially dangerous is if you use both your email address and the same password at multiple sites. This is known as “credential stuffing,” and the implications should be clear: If an attacker knows that you used the same email and password at multiple sites, they can go from site to site (banking sites, your employer, Facebook, and more) and try to unlock your store of digital information.
For this and more tips contact Impress Computers on 281-647-9977
Read more on the IMpress Computers Blog