It is the first big data breach of 2019. Data stored on cloud storage service MEGA has been reportedly compromised, resulting in more than 87 GB of passwords and email addresses getting leaked.
The leaked data, containing 22 million unique passwords and over 772 million email addresses, had been distributed in a folder dubbed ‘Collection # 1’ by hackers who posted the link to the dump on a hacking forum, Mashable reported.
The data set was first reported by security researcher Troy Hunt, who maintains Have I Been Pwned, a way to search whether your own email or password has been compromised by a breach at any point. (Trick question: It has.) The so-called Collection #1 is the largest breach in Hunt’s menagerie, and it’s not particularly close.
Who’s Affected?
The accumulated lists seem designed for use in so-called credential-stuffing attacks, in which hackers throw email and password combinations at a given site or service. These are typically automated processes that prey especially on people who reuse passwords across the whole wide internet.
The silver lining in Collection #1 going public is that you can definitively find out if your email and password were among the impacted accounts. Hunt has already loaded them into Have I Been Pwned; just type in your email address and keep those fingers crossed. While you’re there you can also find out how many previous breaches you’ve been a victim of. Whatever password you’re using on those accounts, change it.
The trove appeared briefly on MEGA, the cloud service, and persisted on what Hunt refers to as “a popular hacking forum.” It sat in a folder called Collection #1, which contained over 12,000 files that weigh in at over 87 gigabytes. While it’s difficult to confirm exactly where all that info came from, it appears to be something of a breach of breaches; that is to say, it claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked.