Connect with us

News

A new massive email breach was uncovered, here’s how to check if you were affected

With 773 Million emails included, odds are that you were.

backlit keyboard showing various keys mega breach hack
Image: Unsplash

Hold onto your butts, we might want to reboot 2019 already. One of the biggest data leaks of, well… ever, has surfaced after multiple people contacted security researcher Troy Hunt about a trove of passwords seen on MEGA, the file-hosting service.

I’m not actually sure “trove” is the right word actually, maybe “fuckton” is better as the leaked collection has 773 million unique emails with 21 million unique passwords. Troy refers to this as “Collection #1,” so that’s what we’ll call it from now on.

Troy put together some analysis of Collection #1 on his personal site, including how the leaked data was discovered.

More about the leak and how it was discovered

Basically, it boils down to several people reached out to him last week, to point out a plethora of 12,000 files hosted on MEGA, which includes nearly 2.7 billion records in a total file size of 87GB. That’s about your average AAA videogame, which is an insane amount of data.

Troy also notes that the files have been taken down from MEGA but that they are still available on an unnamed, popular hacking forum. The forum post holding the data describes it as “a collection of 2000+ dehashed databases and Combos (combinations of email addresses and passwords) stored by topic.”

collection 1 on mega fileservice

Image: Troy Hunt

Yikes

This is the largest data leak since some yahoos at Yahoo let all three billion of the web company’s customer accounts get breached back in 2013. It’s cold comfort that even if you are caught up in this new 773 million affected emails, your really sensitive information like Social Security numbers or credit card details isn’t included.

How to see if you’re affected

Thanks to Troy Hunt’s well-known Have I been Pwned website, it’s easy for you to see if you’re part of the affected group.

  1. Head over to his site, and enter any emails you use into the search bar.
  2. The site will search for your details in the massive databases that Troy has added
  3. You’ll get a message like the one below if your email is included in a breach, along with the details of which breach(es) it was included in
  4. If your searched-for email is part of a breach, it’s advisable to change your password on any site you use that email on
  5. If your email isn’t part of a breach, you’ll get a message saying so and you can start breathing again

Image: Troy Hunt

What’s the password?

You can also check your passwords to see if they’re in part of a breach, using the HaveIbeenPwned Password checker. It’s the same process as before, type in your password and the database will be searched. If you use this password on multiple sites anyways, go and change them all – now, even if it doesn’t show up as part of a breach.

Seriously, it’s 2019, go get a Password Manager. 1Password is good and has integrations with HIBP to help keep you safer online. If you don’t want to pay a few bucks a month for security, the latest versions of Google Chrome also have a password manager built-in, so you never have to reuse passwords again.

What do you think of the breach? Were you affected? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Maker, meme-r and unabashed geek. Hardware guy here at KnowTechie, if it runs on electricity (or even if it doesn't) I probably have one around here somewhere. My hobbies include photography, animation and hoarding Reddit gold.

Comments
Advertisement

More in News