It’s always a good idea to check Have I Been Pwned, an online service that lets you check if your credentials were compromised in a data breach. Troy Hunt, the researcher who runs this service, broke the news about a massive data breach today. More than 773 million emails and 21 million passwords are included in this list.
Hunt says that these stolen credentials popped up on the file-sharing service Mega last week. The data was inside an 87GB folder called Collection 1 with more than 12,000 files. Hunt was able to process this trove of data to get an idea of the massive scale of this breach.
There are over 773 million email addresses in this folder, with over 21 million passwords. What’s more concerning is that these passwords have been dehashed, so anyone can use them for brute force attacks in an attempt to match the passwords to their corresponding email addresses. This substantial list is said to be a collection of smaller lists from earlier breaches.
It doesn’t seem like all of this data comes from one service. Someone has basically created an aggregated list of many leaked credentials so that hackers can use them in credential stuffing attacks, which involve using scripts to inject credentials from a breached website into a different website. These attacks work because most people tend to use the same passwords across many sites.
All of the credentials that have been leaked in this breach have been entered into the Have I Been Pwned database. You can head over there and plug in your email to check if you’re affected. If you are, you should change your passwords posthaste.