The "Collection #1" breach exposed 21 million passwords.
18 Jan, 2019FORTUNE.COM
It may be time to change your passwords again.
Security experts have discovered what very well could be one of the largest data breach of all time, a collection of 772,904,991 unique emails and 21,222,975 unique passwords.
Called “Collection #1,” the breach was initially reported by Troy Hunt and seemingly comes from many different sources, not a single corporate entity. And it’s an especially dangerous one as he says it creates 1.16 billion “unique combinations of email addresses and passwords”.
People can check to see if their accounts and passwords were compromised at Hunt’s “Have I Been pwned?” Website.
The sheer volume of the data was contained in 12,000 separate files clocking in at 87 GB of data on hacking forums. What’s especially troubling to security experts is the files contain "dehashed" passwords, meaning hackers were able to circumvent methods used to scramble those passwords into unreadable strings and expose them.
To put this massive breach into perspective, it’s not on the scale of Yahoo’s breach, which ultimately compromised 3 billion user accounts, but it’s significantly higher than the Marriott/Starwood Hotel breach of last year, which saw 383 million records accessed, or the 117 million users whose information was stolen from LinkedIn in 2012.