A 87GB-large folder dubbed “Collection #1” containing more than 772 million email addresses and 22 million unique passwords was recently hosted on cloud storage service MEGA, as reported by KOD.RU outlet which cites a blog post by security researcher Troy Hunt.
According to Microsoft Regional Director for Australia Troy Hunt, of 772 904 991 email addresses and 21 222 975 million passwords which were shared on MEGA, 140 million email addresses and 10 million passwords had never been exposed before.
“Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It is made up of many different individual data breaches from literally thousands of different sources <…> This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion,” – Hunt wrote.
Notably, the expert confesses that his personal data is also there in the collection. He concludes that cybercriminals responsible for the leak were not trying to hide the data in the darknet or put it on for sale. Hunt recommends checking addresses on Have I Benn Pwned? (HIBP) website. There is a certain chance that it would help detecting time and source of each individual leak, so that one could decide whether there is a need for changing his or her passwords for more complicated ones or not. Hunt also advises to use password managers, such as 1Password, which “can take all your stored passwords and check them against Pwned Passwords in one go.”
Back in October 2018, a vulnerability in Facebook code exposed the personal information of nearly 50 million users, allowing hackers to sneak the data to darknet with intent to sell it illegally.