A collection of some 770 million e-mail addresses, as well as millions of passwords have been discovered in a massive data breach, web security researcher Troy Hunt posted online Thursday.
Hunt, who runs the website Have I Been Pwned, revealed his discovery of the 772,904,991 e-mail addresses alongside 21,222,975 passwords, which were dumped on the cloud service MEGA and being circulated by hackers online.
Hunt wrote the data is ‘made up of many different individual data breaches from literally thousands of different sources,’ adding that this was the ‘single largest breach ever to be loaded into HIBP [Have I Been Pwned].’ Hunt has called the data ‘Collection #1.’ In his web post, he explains in detail how he was informed of the breached data by a contact, who pointed him towards ‘a popular hacking forum,’ where the data was being shared.
The web researcher also said that his own personal data was among the breached information, and urged people to check whether they too had been exposed via HIBP and via his other website, Pwned Passwords, where individuals can check whether their passwords have been compromised.
If the search on HIBP or on Pwned Passwords finds that the data has been compromised, the pawned password should no longer be used and changed immediately, as this means that the information has been illegally accessed by hackers.
Hunt also urged people to use password managers, as ‘the only secure password is the one you can't remember.’ According to Pwned Passwords, reusing passwords is a common practice because people don't realize just how risky it can be to do so.
