87GB data dump reveals 'largest ever' collection of breached credentials

Tweet
Facebook
Send to

THE LARGEST EVER collection of breached data has been uncovered by security researcher Troy Hunt, and found to contain more than 770 million email addresses and passwords.

Oh, and it was posted on a popular hacking forum last December.

Measuring in at a hefty 87GB, the data dump was dubbed "Collection #1" and according to Hunt, who runs the Have I been Pwned breach notification site, contains a swathe of data sucked up from different breaches and thousands of sources.

"In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion," said Hunt.

He added that unique email addresses totalled 772,904,991, nothing that "this number makes it the single largest breach ever to be loaded into HIBP."

As for unique passwords, Collection #1 contains 21,222,975 of them, even after Hunt cleansed the data if things like fragments of SQL statement.

While Hunt can't confirm all the origins of all the data sources in the list, he did note that he recognised many legitimate breaches listed in it.

This massive data dump is a nasty one as it provides hackers with a place to take data from and use for credential stuffing attacks that basically try and use the pinched passwords and emails to access other services. As ever, people who reuse passwords for multiple services are most at risk.

"People take lists like these that contain our email addresses and passwords then they attempt to see where else they work," said Hunt.

"The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because its subsequently been breached and you've been using that same password all over the place, you've got a serious problem."

Hunt recommends a password manager to help negate this risk, but the data dump is also indicative of how common data breaches are and how the data can be collected, collated and then used for nefarious means.

It kind of makes us what to sack off using the internet for a bit, but then all that porn is not going to watch itself. µ