773million reasons to turn to page 8
You should consider changing your passwords straight away after a security expert discovered the biggest ever data breach online.
Nearly 773 million email addresses and 21 million passwords were leaked, exposing more than 1.1 billion unique combinations of email addresses and passwords.
The data was found by Australian security researcher Troy Hunt, who runs the Have I Been Pwned? website (see screenshot and box below), on which you can search leaks to see if they contain your email addresses and passwords.
He spotted the 87GB stash of data, called ‘Collection #1’, on the popular online-storage service Mega. Later, he also saw it on a “popular hacking forum”. Many of the details were already available to criminals online, he added, though around 140 million previously secure email addresses and 10 million new passwords were part of the collection.
Hunt estimated the details came from between 2008 and 2015, and included his own email address and password, which he used “many years ago”. He predicted that hackers would use the data for ‘credential stuffing’, which are automated attacks that try millions of email and password combinations on websites.
He gave several reasons why the breach is particularly worrying, including that the passwords are all listed in plain text, meaning they aren’t encrypted. He also noted that anyone would have been able to take the data while it was available on Mega, though it has since been removed.