ST. LOUIS (KMOV.com) -- The largest data breach in history exposed more than 700 million emails and more than 21 million passwords.
The cataclysmic data exposure was first reported by Troy Hunt, the owner of haveibeenpwned.com, a long-running site which allows users to search their credentials (emails and passwords) and see if they’ve been compromised.
Hunt’s site analyzes hundreds of database dumps and repositories of information to constantly update what personal information has been released by hackers.
This new breach, dubbed “Collection #1,” has more than 2 billion rows of database information, totaling 1.16 billion combinations of emails and passwords.
“Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totalled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialised,” Hunt wrote in his blog. “My own personal data is in there and it's accurate; right email address and a password I used many years ago. … In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see.”
The sheer volume of email and password combinations poses a serious risk to anyone exposed, even if they were cautious in varying their passwords.
Because hackers can index all the data, they can mix and match emails and passwords until they find a match.
Simply put, if a user logged into their banking site using a password they also used elsewhere, hackers can now run every version of that password against every email a user has to find a match.
Meaning even if you used the same password with different emails, it won’t protect you.
Haveibeenpwned.com allows anyone to search their emails and passwords to see if they’ve been exposed, and all of the data from Collection #1 is now uploaded.
Security experts urge online users to use a password manager for optimum security, and also to use VPNs when going online on public wifi networks.