What’s more surprising is that the cache of emails and passwords appear to have been built up from numerous data breaches dating back to 2008. The data breach set was first reported by security researcher Troy Hunt who also runs the ‘haveibeenpwned’ website which lets you confirm if your email address or password have been compromised.
The Collection #1 is over 87GB worth of data and contains over 12,000 separate files. The data leak was posted on the cloud-based sharing website, Mega and this data seems to have been taken down since. The way logins on most websites work, they don’t store password, instead, what they store is a “hash” of your password, which emerges after a complex mathematical calculation that spits out a long string of numbers and letters instead.
Meaning, the next time you log in using the same credentials on the website and type in the password, the authentication process runs the password through the same calculations, and if the created hash matches the original one, you are allowed to access your account. The breach clearly suggests that these hashes have been safely cracked. Users can know if their account is breached by visiting the haveibeenpwned website and type in your email address to know if your account has been compromised.