As many as 772,904,991 unique email addresses and over 21 million unique passwords have been leaked online. This results in more than 87GB of passwords and emails getting leaked. All these had been distributed in a folder dubbed ‘Collection # 1’ by hackers who have posted the link to the dump on a hacking forum.
What’s more surprising is that the cache of emails and passwords appear to have been built up from numerous data breaches dating back to 2008. The data breach set was first reported by security researcher Troy Hunt who also runs the ‘haveibeenpwned’ website which lets you confirm if your email address or password have been compromised.
The Collection #1 is over 87GB worth of data and contains over 12,000 separate files. The data leak was posted on the cloud-based sharing website, Mega and this data seems to have been taken down since. The way logins on most websites work, they don’t store password, instead, what they store is a “hash” of your password, which emerges after a complex mathematical calculation that spits out a long string of numbers and letters instead.
Meaning, the next time you log in using the same credentials on the website and type in the password, the authentication process runs the password through the same calculations, and if the created hash matches the original one, you are allowed to access your account. The breach clearly suggests that these hashes have been safely cracked. Users can know if their account is breached by visiting the haveibeenpwned website and type in your email address to know if your account has been compromised.