A new massive email breach was uncovered, here’s how to check if you were affected
With 773 Million emails included, odds are that you were.
Hold onto your butts, we might want to reboot 2019 already. One of the biggest data leaks of, well… ever, has surfaced after multiple people contacted security researcher Troy Hunt about a trove of passwords seen on MEGA, the file-hosting service.
I’m not actually sure “trove” is the right word actually, maybe “fuckton” is better as the leaked collection has 773 million unique emails with 21 million unique passwords. Troy refers to this as “Collection #1,” so that’s what we’ll call it from now on.
Troy put together some analysis of Collection #1 on his personal site, including how the leaked data was discovered.
More about the leak and how it was discovered
Basically, it boils down to several people reached out to him last week, to point out a plethora of 12,000 files hosted on MEGA, which includes nearly 2.7 billion records in a total file size of 87GB. That’s about your average AAA videogame, which is an insane amount of data.
Troy also notes that the files have been taken down from MEGA but that they are still available on an unnamed, popular hacking forum. The forum post holding the data describes it as “a collection of 2000+ dehashed databases and Combos (combinations of email addresses and passwords) stored by topic.”
This is the largest data leak since some yahoos at Yahoo let all three billion of the web company’s customer accounts get breached back in 2013. It’s cold comfort that even if you are caught up in this new 773 million affected emails, your really sensitive information like Social Security numbers or credit card details isn’t included.
How to see if you’re affected
Thanks to Troy Hunt’s well-known Have I been Pwned website, it’s easy for you to see if you’re part of the affected group.
- Head over to his site, and enter any emails you use into the search bar.
- The site will search for your details in the massive databases that Troy has added
- You’ll get a message like the one below if your email is included in a breach, along with the details of which breach(es) it was included in
- If your searched-for email is part of a breach, it’s advisable to change your password on any site you use that email on
- If your email isn’t part of a breach, you’ll get a message saying so and you can start breathing again
What’s the password?
You can also check your passwords to see if they’re in part of a breach, using the HaveIbeenPwned Password checker. It’s the same process as before, type in your password and the database will be searched. If you use this password on multiple sites anyways, go and change them all – now, even if it doesn’t show up as part of a breach.
Seriously, it’s 2019, go get a Password Manager. 1Password is good and has integrations with HIBP to help keep you safer online. If you don’t want to pay a few bucks a month for security, the latest versions of Google Chrome also have a password manager built-in, so you never have to reuse passwords again.
- Another data breach is causing Google to shut down Plus sooner than expected
- Ezviz announces more smart home security devices at CES 2019
- Microsoft really believes Project xCloud can be the “Netflix for games”
- The resurrection of the Razr flip phone may be upon us
- Humble Bundle suffered a mild data breach