Some 773M email addresses have been exposed by hackers in what is the largest ever breach. Alongside the email addresses are 21M passwords …
Security professional and Microsoft Regional Director Troy Hunt said that the collection of email addresses and passwords comes from thousands of different sources, and the raw numbers were even higher before he started de-duping and cleaning up the data to find out what hackers had actually obtained.
Many of the passwords were encrypted, but using weak hashes which has enabled them to be cracked.
In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion […]
The unique email addresses totalled 772,904,991 [and] 21,222,975 unique passwords.
Hunt told Wired that although the individual hacks that generated the data were smaller, the aggregated data represents the largest volume ever seen.
The data has been loaded into Have I Been Pwned, so you can check whether it includes you by searching for your email address there.
That sort of Voltron breach has happened before, but never on this scale. In fact, not only is this the largest breach to become public, it’s second only to Yahoo’s pair of incidents—which affected 1 billion and 3 billion users, respectively—in size. Fortunately, the stolen Yahoo data hasn’t surfaced. Yet.
If your email address is found, you should be extra vigilant for phishing attacks. Never click a login link in an email you weren’t expecting, even if it looks legitimate – always type a known valid URL yourself or use your own bookmarks.
The usual security advice also applies: always use strong, unique passwords for every website, and always opt for two-factor authentication when it is offered.
Photo: Shutterstock