We’re just over two weeks into 2019, and one of the biggest data leaks in recent years has surfaced. Today, renowned security researcher Troy Hunt reported a massive leak consisting of 773 million unique email IDs and 21 million unique passwords, which he refers to as Collection #1.
Hunt said that multiple people reached out to him last week and pointed to a constellation of 12,000 files with a total size of 87GB, and nearly 2.7 billion records, hosted on MEGA. He added that the files have been removed from the hosting platform, but they persist on a popular hacking forum (that he didn’t name). Hunt said the forum post described the source of the data as “a collection of 2000+ dehashed databases and Combos (combinations of email addresses and passwords) stored by topic.”
This is arguably the biggest data leak after Yahoo’s colossal debacle of 2013 that affected nearly three billion accounts. The only consolation is there’s no sensitive information – like credit card details – in the leaked files.
How to check if you’re affected
You can easily check if your email ID was a part of the Collection #1 thanks to Hunt, who has integrated the database in his website Have I been Pwned. The site is a database to search email IDs that have been part of data leaks.
To check yours, just head to the site, and enter your email ID in the dialog box. If your email ID was not part of the data breach, you’ll get a message as shown below, and you can rest easy.
In case your email has been affected, it’s advisable to change your password at once. The site also offers password search to verify if any of the data breaches contained a specific password that you used.
While you’re at it, get a password manager to generate and securely recall strong, unique passwords.