New breach: The "Collection #1" credential stuffing list began broadly circulating last week and contains 772,904,991 unique email addresses with plain text passwords (now in Pwned Passwords). 82% of addresses were already in @haveibeenpwned. Read more: https://t.co/BAa3rbgZo4— Have I Been Pwned (@haveibeenpwned) January 16, 2019
Yep, you read that correctly.
The largest data breach in history happened last week. Collection #1, as coined by cybersecurity expert Troy Hunt, was found in a MEGA file dump. And the 773 Million emails aren’t the only thing in the dump.
But what is a data breach anyway? Wikipedia says “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” Very accurate, however, it’s more than just that.
Delving deeper, it involves the unauthorized or unlawful spread of, but not limited to, bank/credit card details, personal health and identity records, trade secrets and a person or corporation’s intellectual property. And data breaches don’t necessarily need to be over the internet, as Collection #1 was. They can be spread over hard media, such as compact disks and USB drives.
But back to Collection #1.
Those 773 million emails? Found within 2.6 billion lines of code. This included non-case sensitive emails, as well as case-sensitive passwords. Those passwords within the breach, those number at 22 million. Troy Hunt says that “…of the 2.2 million people signed up to my notification service, 768 thousand are affected.” That means that there is a 35% chance that YOU, yes YOU, are affected by this breach.
You can check if you have been affected by this breach, as well as any other breach, at HIBP. I know I have, and I changed my password. I recommend getting a password manager, whether it’s a paid service (Dashlane or 1Password, to name a couple), a free service (if you use a free one, I recommend LastPass) or even an analog password manager, like a notebook.
And this isn’t the biggest data story in January. Right now, a potential data issue is unfolding, involving the popular game Fortnite. However, we’ll let that issue take its course.
Remember, keep your data safe, and don’t let it get into the hands of those around you.