"Collection #1" reveals 773 million email addresses, passwords in one of the largest data breaches ever recorded


Data breaches are becoming more commonplace, but today's news is discouraging: 1,160,253,228 unique e-mail addresses and passwords have been attributed to a breach called "Collection #1".

Troy Hunt, owner of the HaveIBeenPwned website, has published a collected list of 773 million email addresses that came from multiple sources and were posted on the MEGA cloud storage service. The database lists stolen information. The number of e-mail addresses makes it the biggest breach ever loaded into Hunt's website, he said. But there are also 21,222,975 unique passwords disclosed in the breach, stored in plain text for the world to see.

What is not entirely clear is whether the breach stored each email address together with the password actually used with it. (It seems that it did, however, since Hunt refers to the list as containing 2.7 billion combinations of usernames and passwords.)

But that's not really the issue: Hunt's database allows you to check your email address to see if it appears in the latest breach. More importantly, you can also check your password. If both have appeared in the breach, you must assume that someone has access to your email. (Some online services, such as Google, also allow you to store third-party website passwords within the service, so anyone who knows your Gmail master password will also have access to them.)

What is particularly dangerous is using both your email address and the same password on multiple sites. This opens the door to what is known as "credential stuffing," and the implications should be clear: if an attacker knows that you have used the same email and password on multiple sites, they can move from one site to another (banking sites, your employer, Facebook, etc.) and try to unlock your store of digital information.

So what can you do? The first thing to do is to check whether your email has been compromised. Chances are that it already has, either in this breach or another. Hunt's site also allows you to check your password to see if it has appeared in Collection #1. If that makes you feel a bit uncomfortable (who is this Hunt guy, anyway?), you have several options to make you feel safer: read how Hunt anonymously stores passwords, or simply change your password. You can then check your old (hopefully unique) password to see if it appeared in the database. If it did not, relax.

If it did, you will want to start manually changing your password quickly. We also have tips on how to handle a data breach.
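The article recommends checking a password against the breach data without saying how such a check can avoid sending the password itself. The following added example (not from the article or from Hunt's code) shows the client side of the publicly documented Pwned Passwords range lookup, where only the first five hex characters of the password's SHA-1 hash are sent. The function names, the corpus and its counts are constructed for illustration, and the server is simulated so the code runs offline.

```python
import hashlib

# Constructed stand-in for a breach corpus; the counts are invented for this example.
CONSTRUCTED_CORPUS = {"12345678": 1000, "password": 2000, "qwerty": 3000}


def sha1_upper(password):
    """Uppercase hex SHA-1 of the password, the form used by the range lookup."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_response(prefix):
    """Hypothetical offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Returns "SUFFIX:COUNT" lines for every corpus hash that starts with the prefix.
    """
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    lines.append("not-a-valid-line")  # constructed junk to exercise the parser
    return "\r\n".join(lines)


def pwned_count(password, fetch=simulated_range_response):
    """Return how often the password appears, revealing only a 5-character hash prefix."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    body = fetch(prefix)  # the only value that leaves the client
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        # Skip anything that is not a 35-character suffix followed by a number.
        if sep and len(candidate) == 35 and count.isdigit():
            if candidate.upper() == suffix:  # the comparison happens locally
                return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("12345678", "kX9#vTq2!mLr8zPw"):
        print(pw, pwned_count(pw))
```

To query the real service, pass a `fetch` function that performs the HTTPS request for the given prefix and returns the response body as text.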

The proven protection against massive data breaches is of course to use a password manager. They usually cost a little per month, but they can automatically generate impossible-to-guess passwords, which become even harder to crack when paired with two-factor authentication. Even a password manager cannot be considered totally secure, but it is far more effective than using "12345678" for each website.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.