In one of the biggest cybersecurity events in 2019 so far, it was discovered that more than 770 million email addresses and 21 million passwords have been exposed to hackers online.
The hackers behind the incident have posted all of the stolen email addresses and passwords in one place—effectively publishing victims’ login information for all to see.
The leak is being called “Collection #1” and involves just over 1 billion unique combinations of passwords and email addresses in total.
After the public data dump was removed from the hosting service on which it first appeared, it resurfaced on a popular hacking forum on the dark web, where it reportedly still resides.
A Collection of Compromised Email Addresses
Before answering the question of how 770 million email addresses can be found in one place, it must be clarified that the hacked information had been stolen from several different websites, and it may not be feasible to go back and trace how the data was obtained and from where.
Suffice it to say that the data dump was located on MEGA, a cloud-based file sharing site. The data hosted on MEGA under the label “Collection #1” has since been removed from the platform, only to resurface later on a darknet hacking forum.
The list of emails and passwords ran to some 12,000 files, occupying 87 GB. The dataset contained rows upon rows of email IDs. At last count, when the data dump was originally traced, it comprised more than 2 billion rows.
Cybersecurity Expert Troy Hunt Breaks the News
The first to break the news of the breach was Troy Hunt, a reputed cybersecurity expert. He founded the site Have I Been Pwned?, a platform where you can check if your data is included in known data breaches.
Hunt’s contribution has been to make some sense of this data. When you deal with such a large volume of information, there is a distinct possibility of duplicate entries. So, a program is run to identify and isolate the unique entries. Through this, Hunt was able to determine which of the emails and passwords matched.
This is how the 770 million unique email IDs were recovered; the number of unique passwords turned out to be 21 million in total.
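The de-duplication step described above can be sketched as follows. This is an added illustration, not Hunt's actual program: the `:` and `;` delimiters, the lowercasing of email addresses, the use of SHA-1 digests in place of cleartext values, and the sample rows are all assumptions made for the example.

```python
import hashlib

# Constructed sample rows (not real breach data) in the mixed formats
# a dump merged from many sources tends to contain.
SAMPLE_ROWS = [
    "alice@example.com:hunter2",
    "Alice@Example.com:hunter2",     # same pair, different email casing
    "alice@example.com;Winter2019",  # semicolon delimiter
    "bob@example.org:hunter2",       # password shared with another address
    "bob@example.org:hunter2\r",     # exact duplicate with a stray CR
    "carol@example.net:pa:ss",       # password that contains the delimiter
    "not-an-email-row",              # malformed, skipped
    "",                              # blank line, skipped
]

def parse_row(row):
    """Return (email, password), or None when the row is malformed."""
    row = row.rstrip("\r\n")
    # Split on the first ':' or ';' only, so delimiters inside the password survive.
    cuts = [i for i in (row.find(":"), row.find(";")) if i != -1]
    if not cuts:
        return None
    cut = min(cuts)
    email, password = row[:cut].strip().lower(), row[cut + 1:]
    if "@" not in email or not password:
        return None
    return email, password

def digest(text):
    # Assumption of this example: keep fixed-size digests, not cleartext values.
    return hashlib.sha1(text.encode("utf-8")).digest()

def summarise(rows):
    """Count total rows, skipped rows, and unique emails, passwords and pairs."""
    emails, passwords, pairs = set(), set(), set()
    total = skipped = 0
    for row in rows:
        total += 1
        parsed = parse_row(row)
        if parsed is None:
            skipped += 1
            continue
        email, password = parsed
        emails.add(digest(email))
        passwords.add(digest(password))
        pairs.add(digest(email + "\x00" + password))
    return {"rows": total, "skipped": skipped, "unique_emails": len(emails),
            "unique_passwords": len(passwords), "unique_pairs": len(pairs)}

if __name__ == "__main__":
    print(summarise(SAMPLE_ROWS))
```

The same pattern explains why the headline figures differ so much: many rows collapse into one pair once casing and stray characters are normalized, and many addresses share the same password.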
How Secure Is Your Email Account?
With so many emails and passwords made available and accessible to all, cybercriminals will be ready to exploit the situation and try to log into the accounts. They may want to check if they can find hidden passwords of other critical accounts, such as bank accounts or ecommerce sites.
If you wish to take actions to protect yourself from any harm, try the following:
- Immediately change your password. While doing so, use one of the password manager apps, which can help you create a solid and secure password. Your new password should be a code that you’ve never used before.
- Try to find out whether critical sites (such as your bank account) use 2FA, or two-factor authentication, before allowing any transaction; 2FA is considered to be more secure since the bank or other institution will want you to enter an instant access key that you’ve received on a separate device. This provides another layer of security for your login information.
- Use a VPN (Virtual Private Network) for your internet connection in public areas such as coffee shops, airports, restaurants and the like. This way, a VPN gives you good protection from being hacked through free public Wi-Fi networks that might not be adequately secured.
- Check if you have the right antivirus software installed on your device. Study the options available, get the best AV for your needs and install it.
Besides the above actions, you can take other precautions to make sure your data remains secure. Try and avoid holding information on your device’s disk. Try and store the information in cloud storage or in a hardware drive. A cloud service provider will fortify their servers better, and the possibility that the cloud server will get hacked is much less. Still, a hardware storage system is also recommended.
Now, on how to check if your email figures in the 770 million leaked emails, the site to visit is Have I Been Pwned? (mentioned above). Once there, you will find it easy to check and take the next step accordingly.