Friday, February 1, 2019

New 'collection' data dump contains 2.2bn usernames and passwords

Earlier this month, Have I Been Pwned's Troy Hunt brought attention to the largest ever online data dump containing 12,000 separate files and over 87GB of data containing 773m unique email addresses and 22m unique passwords.

Hunt referred to the wealth of personal data he found on MEGA as Collection #1 and now Collection #2-5 has appeared online containing 2.2bn unique usernames and passwords along with 845GB of data and over 25bn records.

Collection #2-5 contains almost three times as many unique records as Collection #1 and Phosphorous.io's founder Chris Rouland explained to Wired that more than 130 people are making the data available to download online. 

So far the data has been downloaded 1,000 times which means that the personal details Collection #2-5 contains will likely remain online indefinitely. 

Collection #2-5

While the site Have I Been Pwned was a useful resource in discovering if your credentials had been leaked in Collection#1, the site has not yet been updated with the information from Collection #2-5.

Instead users curious to know if their details have been leaked in the latest collection should check out Hasso Plattner's Info Leak Checker which contains details from 8bn accounts spanning 810 leaks.

Much of the stolen information contained in Collection #2-5 is from previous data breaches that affected Yahoo, LinkedIn and Dropbox.

However, these details could be utilized by hackers to launch credential stuffing attacks to compromise other accounts that use the same login details.

Via Wired

  • Worried about your credentials being exposed? Protect your passwords with the best password manager and secure your devices online with the best VPN


from TechRadar - All the latest technology news http://bit.ly/2CVWSid

No comments:

Post a Comment

Fake DocuSign emails are targeting some top US contractors

Fraudsters are impersonating US Government agencies Victims are encouraged to renew fake contracts using DocuSign Attacks have spiked a...