• Phone : +919970777895

77 Crore Emails Passwords Have Been Leaked Online In One Of The Biggest Data Breach Ever

By Neha Negi

Posted On Jan 20, 2019



In cyber security, breaches are something you can't really immunize your site against, you just kind of have to do the best you can to secure things, and hope it holds Sometimes you get slightly unlucky, and sometimes much more so. Much much more The Equifax breach in the US was one of the largest and most damaging in recent history, exposing the banking and personal details of millions of users. This latest one is worse, with 772,904,991 unique email addresses and over 21 million unique passwords exposed, all at once. The data was first uncovered by security researcher Troy Hunt, who runs the website Have I Been Pwned. It's a database of past breaches, setup in such a way that you can't scroll through, but you can search for any of your accounts that have been leaked. If it's on there, you should be changing your password. Hunt's latest discovery, currently entitled 'Collection #1', is the single largest breach on his site by a huge margin. He says he found it all recently on a popular hacking forum, where it had been uploaded to the cloud storage service MEGA, where it sat in a folder by under the name it's been given right now. In fact, the original collection was larger, as Hunt had to clean it up to eliminate duplicates and unusable strings of data. It was originally closer to 2.7 billion rows of addresses and passwords in more than 12,000 files amassing over 87 GB The biggest worry here? There's enough data for something called a credential stuffing attack. That's where hackers take a massive amount of login data like this, and they automate a process that attempts to sign in to a variety of services, using various combinations of email and password from the trove. It's bad in general, and it's especially bad for those of you that reuse passwords for various services across the Internet. The only thing going for you here is that, since the dataset has gone public, you can find out for sure if you've been compromised. Then you can at least get to change those passwords. Additionally, there's also a fairly new password search feature to determine if your passwords have been leaked separately, though it won't tell you from which accounts. Ref.By: indiatimes