EDITOR'S PICK
  • CYBER BULLYING AND CHILD SAFETY
  • A GUIDE TO DARK WEB
  • GUIDE TO NETWORK SECURITY
  • CONTACT US
CONTACT US
Security Land
  • HOME
  • NEWS
    News

    Combatting Cyber Crime: FBI Columbia Leads Multi-Agency Training Course to Enhance Investigation Techniques

    Security Land Security Land January 26, 2023
    News

    Gen Z’s Lack of Cybersecurity Knowledge Puts Small Businesses at Risk

    Security Land January 25, 2023
    News

    Experts Predict Consequential Year for Cybersecurity in 2023

    Security Land January 19, 2023
  • DATA BREACHES
    Data Breaches

    India’s Education Ministry Data Breach Exposes Millions of Student and Teacher Records on Unsecured Server

    A security lapse in India's Education Ministry's Digital Infrastructure for Knowledge Sharing…

    Security Land Security Land January 26, 2023
    Data Breaches
    Riot Games Suffers Social Engineering Attack
    DevOps
    Data Breaches
    CircleCI Reveals Malware Attack as the Cause of Recent Security Breach, Advises Developers to Rotate Secrets and API Tokens
    Data Breach - Security Land
    Data BreachesEditors Pick
    What You Should Know About Data Breaches
    indian bank data breach
    Data Breaches
    Indian Bank Exposed Millions of Records Online
  • EDUCATION
    Education

    Protecting Your Business: The Importance of Web Application Security

    Sponsored by IntelSenseIntelSense
    Editors PickEducation

    Incident Response Guide for Small Businesses

    Sponsored by IntelSenseIntelSense
    Education

    Protecting Patient Data: The Importance of Cybersecurity in Healthcare

    Sponsored by IntelSenseIntelSense
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Reading: More then 700M e-mail addresses with 21M passwords exposed
Share
Security Land
Aa
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
  • BOOKMARKS
Search
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Have an existing account? Sign In
Follow US
© Copyright 2023 | Security Land from IntelSense.
Security Land > Cybercrime > More then 700M e-mail addresses with 21M passwords exposed
CybercrimeData Breaches

More then 700M e-mail addresses with 21M passwords exposed

Security Land
Last updated: 2019/02/12 at 11:32 PM
Security Land
Share
5 Min Read
email data breach
SHARE

A massive collection containing the exposed data had mostly email addresses and passwords. The discovery, which may be the mother of all data breaches, is a collection of 772,904,991 unique emails and 21,222,975 unique passwords.

Dubbed “Collection #1” by Hunt, it is a set of email addresses and passwords typically consisting of different individual data leaks retrieved from thousands of sources.

Contents
A massive collection containing the exposed data had mostly email addresses and passwords. The discovery, which may be the mother of all data breaches, is a collection of 772,904,991 unique emails and 21,222,975 unique passwords.What Are the Risks?More Data Expected from Other Subsequent Collections

Without any clean-up, the collection consists of over 2 billion rows of email addresses and passwords.

Through his blog, Hunt states that there are a total of 1,160,253,228 unique combinations of email addresses and passwords if the latter is treated as case sensitive.

The data breach was brought to Hunt’s attention by multiple people who directed him to the collection on the cloud service MEGA.

The data, estimated to make up more than 87GB, was contained in a folder also named Collection #1, spread across 12,000 separate folders.

The data has since been removed by MEGA, but Hunt discovered a hacking forum where the data was being distributed after he was directed to the site by one of his contacts.

So what next after such a breach? The first important move is to confirm if email addresses and passwords have been compromised.

One can do so by simply visiting Have I Been Pwned (HIBP) and type in your email address or password to see whether at one point or another it was impacted by the breach.

The site, which is maintained by Hunt, has already been updated with data from the Collection #1 breach.

What Are the Risks?

The severity of the breach cannot yet be quantified, but it is a notably serious breach. Hunt alleges that the data was assembled to be utilized for credential stuffing: where a hacker exploits the data to fraudulently gain access to accounts through automated injection.

According to Hunt, some of the email addresses and passwords in the collection are not new.

He states that some of them at present exist in his database and approximates that 140 million email accounts, as well as over 10 million unique passwords, are new to the database.

Fortunately, the breach does not appear to have impacted sensitive data such as social security numbers or credit card credentials.

Regardless, he states that passwords in Collection #1 were not cryptographically hashed but were predominantly in plain text passwords.

This means that the data could be publicly used by anyone—no hacking skills required, increasing the risk exposure.

Furthermore, the data could be accessed for free on the clearnet and not from any dark web marketplace or forum.

More Data Expected from Other Subsequent Collections

According to analysis from security reporter Brian Krebs, Collection #1 is one of seven batches.

The rest are being sold by an individual who calls himself Sanixer on social network Telegram.

The seller also states that the data from Collection #1 is at least two to three years old and that data from the other batches is less than a year old.

For anyone impacted by the breach—notably if their password was found in HIBP’s Pwned Passwords database—they are highly advised to change the password and use a different and unique password for any account affected.

Experts like Hunt discourage the reuse of passwords and recommend using a dedicated password manager to help secure your password for each different account.

Additionally, the use of the two-factor authentication option in your accounts is also a step further to securing them.

However, if you weren’t impacted by the breach, it wouldn’t mean that your data isn’t out there.

One is advised to undertake the same measures to secure your credential and accounts. Data breaches are presently growing in frequency and severity.

The data mostly ends up in the dark web, where it’s auctioned to the highest bidder. It is then used in criminal activities such as phishing, blackmail and other cyberattacks.

Research has shown that there are indicators to look out for in case of a data breach or leak, especially in the dark web.

You Might Also Like

India’s Education Ministry Data Breach Exposes Millions of Student and Teacher Records on Unsecured Server

Riot Games Suffers Social Engineering Attack

CircleCI Reveals Malware Attack as the Cause of Recent Security Breach, Advises Developers to Rotate Secrets and API Tokens

Cyber Attacks in 2022 Up 50% Over Previous Year, with Healthcare Sector Most Targeted

An In-Depth Guide to Network Security

TAGGED: 700 milion emails dump, brian krebs, data breach, data dump, database dump, email dump, email leak, have i been pwned, microsoft, password leak, troy hunt
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Reddit Email Print
By Security Land
Follow:
Hello. I am Bot created by SL Team.
Leave a comment Leave a comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Watch Now

- Advertisement -
Ad imageAd image

Trending Stories

spying apps
Editors Pick

The powerful truth – All those “smart” devices…

April 16, 2019
Education

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

Sponsored by IntelSenseIntelSense

Instagram: 3 New Security Tools Added

August 29, 2018
ThreatQ TDR Orchestrator
Editors PickThreat Intelligence

ThreatQuotient Introduces Data-Driven Approach to SOAR and XDR

May 5, 2021

Canadian businesses need better tools to report cybercrime

October 31, 2021

Android: Debugging and Analyzing Vulnerabilities

September 19, 2018

Always Stay Up to Date

Subscribe to our newsletter to get our newest articles instantly!

I have read and agree to the terms & conditions

Follow US on Social Media

Linkedin Twitter Facebook Instagram Youtube

© Copyright 2023 | Security Land from IntelSense.

Security Land

More from Security Land

  • About Us
  • Privacy Policy
  • Advertise
  • Contact Us
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
SAVE & ACCEPT
physical security
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc.

I have read and agree to the terms & conditions
Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?