(MENAFN- NewsBytes)
#MegaBreachAlert: Over 2 billion emails, passwords found on 'hacking' forum
17 Jan 2019
In a shocking development, Troy Hunt from 'Have I Been Pwned' has found more than two billion emails and passwords online.
The raw dataset, containing encrypted, unencrypted information, appears to have been collated from thousands of different breaches and sources.
It was discovered on cloud service MEGA and is said to be the largest ever chunk of leaked data to go public.
Here's more.
Insanely massive trove of data on hacking forum
Data volume
Last week, Hunt's contacts directed him to an insanely massive trove of data containing 2.7 billion rows of emails and passwords, including over a billion unique combinations.
The data, packed in a folder called Collection #1, was on MEGA and continued to exist on a 'popular' hacking forum.
The 87GB folder had over 12,000 email-password files in different sub-folders, like 'EU combos, Shopping combos'.
Even after stripping out unusable bits, data volume stayed high
Fact
Even after Hunt's cleaning, the number of unique emails and unhashed, plain-text passwords in Collection #1 remained high. To put this into perspective, Hunt removed unusable bits, hashed passwords, and duplicates and still found nearly 773 million unique email addresses, over 21 million unique passwords.
But, how this information got leaked?
Source
As Hunt emphasized in the post detailing this discovery, it is difficult to say for sure where all this information came from.
The post on the hacking forum referenced "a collection of 2,000+ dehashed databases and Combos stored by topic," he said while suggesting that the information appears to have been collated from several different leaked databases - for hackers.
Here's what Hunt said on the leak
Fact
"It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers," Hunt told WIRED. "There's no obvious patterns, just maximum exposure."
Can hackers use this information?
Attack risk
The humongous trove of emails and passwords posted publicly can be used by hackers to conduct the so-called 'credit stuffing attacks'.
As part of these attacks, they could throw in leaked email and password combinations at different sites or applications to gain access, Wired reported.
The biggest risk from such an attack would be to those who use same email-password combinations across various sites.
How to know if you are affected?
Important
Well, the scale of this breach is alarming and it is important to check if your information has been compromised in the incident.
The process is very simple as you just have to visit Hunt's Have I Been Pwned website (https://haveibeenpwned.com) and enter your email.
You can even enter your password on the site to see if it has been compromised or not.
MENAFN1701201901650000ID1097986909
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.