The biggest data breach in the history
Now repeat that, billions of times. In particular, 2,692,818,238 times. That is the number of records that has the “Collection # 1”, the database that has just been released on the Internet by unknown sources; and that stores an absurd amount of email addresses and passwords.
We are facing the biggest data leak in history; they are so many data, that they occupy nothing less than 87 GB of storage by themselves. This has been revealed by security expert Troy Hunt, who has had the daunting task of reviewing the database; and check to what extent we should fear for our safety. Hunt received the database anonymously through a MEGA account, the file sharing service; Although it has already been deleted from the original account, it is inevitable that it is already being shared throughout the network.
The numbers in Collection # 1 are a little dizzy. The database is composed of 2,692,818,238 entries, although in reality, we are facing a kind of Frankenstein monster. The data comes from thousands of leaks from different sites and services; The creators of this database have gathered the “booty” of these attacks in one place.
This brings us to the second number: in the database, there are more than one billion unique combinations of mail and password; therefore, more than one billion entries are repeated, probably because users have used the same password in different sites attacked.
Hundreds of millions of filtered email addresses and passwords
The only positive thing is that some of these data can not be used, or at least not easily; in some cases, the hackers that obtained the data initially sabotaged or encrypted them, and even in some entries only compressed files are saved.
Once the initial cleanup was done, Troy Hunt discovered more than 770 million unique email addresses . This is the largest amount of emails leaked at one time. With such a quantity, it is very likely that if you read these words, this leak has affected you. The other important fact is that more than 21 million unique passwords have been found; This really reveals the extent to which we repeat the password in different services.
Of course, there is a margin of error for all these figures. These hackers are not precisely characterized by being clean and tidy, and there are many entries with rare characters, and even traps in the form of SQL strings (in case someone tried to add this database to your system). Some passwords are also “hashed”, have been passed by algorithms that are the first line of defense in a service; however, that does not mean that they have been properly encrypted, and it is usually possible to obtain the contents of a hash.
How to know if our data has been filtered
This database is already being shared in hacking forums, as well as in Dark Web sites. Taking into account the figures we are talking about, it is very likely that you are affected. Fortunately, there is a sure way to know it.
And is that Troy Hunt is also responsible for Have I Been Pwned , one of the best security websites and we have already recommended other times. This web is very simple, we just have to enter our email address, and the web will tell us if it appears not only in the list of Collection # 1, but also in other leaks of recent years.
In addition, we can also use Pwned Passwords to buy if our password is being shared. This does not always work, since it is possible that the password has been stored encrypted or “hasheada”; but it is important to check it also.
If our mail appears in the database, a warning will appear and we will receive some advice. The most important thing is to change the password of all the sites we use ; or use applications or services to generate new, more secure passwords. It is a long and tedious process, but the magnitude of the filtration is such that there are not many alternatives at the moment.
Also read ;
∎ What you should know about Personal Privacy on the Internet
∎ Best 5 Alternatives to Google based on Privacy
∎ Privacy Badger | Best Anti tracking extension
∎ Big data leak | Google shuts down google plus