Is your email safe when we have the news that our data were breached by the social media player, now it is email data that has been breached, over 772 million email addresses and 22 million unique passwords have been outed in a collection of files uploaded to cloud service MEGA? Calling it Collection 1, Microsoft’s regional director and MVP for developer security Troy Hunt, who revealed the breach first, said the dump was a “set of email addresses and passwords totalling 2,692,818,238 rows”. Also, in total, this adds up to “1,160,253,228 unique combinations of email addresses and passwords”.
In a blog post, “written for the masses”, Hunt said the collection had over 12,000 files adding up to 87GB of data. The same has since been deleted from MEGA. The emails were listed against breached sites. So the same email ID could be breached on many of the listed sites.
“Whilst I can’t tell you precisely what password was against your own record in the breach, I can tell you if any password you’re interested in has appeared in previous breaches Pwned Passwords has indexed,” Hunt’s blog post said. It explained that if a password you use shows up here, then it is time to stop using it.
The risk is about of credential stuffing, Hunt said— “the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts — using the email and password combinations. He said this method works where people are used to recycling passwords across different email IDs.