'Largest collection ever of breached data found' diff viewer (0/1)

This article is from the source 'guardian' and was first published or seen on January 17, 2019 11:36 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/2019/jan/17/breached-data-largest-collection-ever-seen-email-password-hacking

The article has changed 4 times. There is an RSS feed of changes available.

Previous version 1 2 3 Next version

Version 0	Version 1
Largest collection of breached data ever seen is found	Largest collection of breached data ever seen is found
2019-01-17 12:06:40 UTC	2019-01-17 14:10:57 UTC (about 2 hours later)
~~The largest collection of breached data ~~ever~~ ~~seen~~ has been discovered, comprising of more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.~~	The largest collection of breached data in history has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.
The 87GB data dump was discovered by security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload ~~“Collection~~ ~~#1”,~~ said it is probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.	The 87GB data dump was discovered by the security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload Collection #1, said it was probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.
~~Still,~~ the work to piece together previous breaches has resulted in a huge collection. “In total, there are 1,160,253,228 unique combinations of email addresses and passwords,” Hunt ~~writes,~~ and “21,222,975 unique passwords”. ~~While~~ ~~most~~ of ~~the~~ ~~email~~ ~~addresses~~ ~~have~~ ~~appeared~~ in ~~previous~~ ~~breaches~~ ~~discovered~~ ~~being~~ ~~shared~~ ~~amongst~~ ~~hackers,~~ ~~like~~ ~~the~~ ~~360m~~ ~~MySpace~~ ~~accounts~~ ~~hacked~~ in ~~2008~~ or ~~the~~ ~~164m~~ ~~LinkedIn~~ ~~accounts~~ ~~hacked~~ in ~~2016,~~ ~~the~~ ~~researcher~~ ~~says~~ ~~“there’s~~ ~~somewhere~~ in ~~the~~ ~~order~~ of ~~140m~~ ~~email~~ ~~addresses~~ in ~~this~~ ~~breach~~ ~~that~~ ~~HIBP~~ ~~has~~ ~~never~~ ~~seen~~ ~~before.”~~ ~~Those~~ ~~email~~ ~~addresses~~ ~~could~~ ~~come~~ ~~from~~ ~~one~~ ~~large~~ ~~unreported~~ ~~data~~ ~~breach,~~ ~~many~~ ~~smaller~~ ~~ones,~~ or a ~~combination~~ of ~~both.~~	But the work to piece together previous breaches has resulted in a huge collection. “In total, there are 1,160,253,228 unique combinations of email addresses and passwords,” Hunt wrote, and “21,222,975 unique passwords”.
~~Security~~ ~~experts~~ ~~say~~ ~~the~~ ~~discovery~~ of ~~Collection~~ #1 ~~underscores~~ the ~~need~~ ~~for~~ ~~consumers~~ to ~~use~~ ~~password~~ ~~managers,~~ ~~like~~ ~~1Password~~ or ~~LastPass,~~ to ~~store~~ a ~~random,~~ ~~unique~~ ~~password~~ ~~for~~ ~~every~~ ~~service~~ ~~they~~ ~~use.~~ ~~“It~~ is ~~quite~~ a ~~feat~~ ~~not~~ to ~~have~~ ~~had~~ an email ~~address~~ or ~~other~~ ~~personal~~ ~~information~~ ~~breached~~ ~~over~~ the ~~last~~ ~~decade,”~~ ~~says~~ ~~Jake~~ ~~Moore,~~ a ~~cybersecurity~~ ~~expert~~ at ~~ESET~~ ~~UK.~~	While most of the email addresses have appeared in previous breaches shared among hackers, such as the 360m MySpace accounts hacked in 2008 or the 164m LinkedIn accounts hacked in 2016, the researcher said “there’s somewhere in the order of 140m email addresses in this breach that HIBP has never seen before”. Those email addresses could come from one large unreported data breach, many smaller ones, or a combination of both.
~~“If~~ ~~you’re~~ ~~one~~ of ~~those~~ ~~people~~ ~~who~~ ~~think~~ it ~~won’t~~ ~~happen~~ to ~~you,~~ ~~then~~ it ~~probably~~ ~~already~~ ~~has.~~ ~~Password-managing~~ ~~applications~~ ~~are~~ ~~now~~ ~~widely~~ ~~accepted,~~ ~~and~~ ~~they~~ ~~are~~ ~~much~~ ~~easier~~ to ~~integrate~~ ~~into~~ ~~other~~ ~~platforms~~ ~~than~~ ~~before.~~ ~~Plus,~~ ~~they~~ ~~help~~ ~~you~~ ~~generate~~ a ~~completely~~ ~~random~~ password for ~~all~~ of ~~your~~ ~~different~~ ~~sites~~ ~~and~~ ~~apps.~~ ~~And~~ if ~~you’re~~ ~~questioning~~ ~~the~~ ~~security~~ of a ~~password~~ ~~manager,~~ they ~~are~~ ~~incredibly~~ ~~safer~~ to ~~use~~ ~~than~~ ~~reusing~~ the ~~same~~ ~~three~~ ~~passwords~~ ~~for~~ ~~all~~ ~~your~~ ~~sites.”~~	Security experts said the discovery of Collection #1 underscored the need for consumers to use password managers, such as 1Password or LastPass, to store a random, unique password for every service they use. “It is quite a feat not to have had an email address or other personal information breached over the past decade,” said Jake Moore, a cybersecurity expert at ESET UK.
~~Hunt~~ ~~warns~~ ~~that~~ ~~the~~ ~~primary~~ ~~use~~ ~~for~~ ~~such~~ a ~~dataset~~ is ~~“credential~~ ~~stuffing”~~ ~~attacks,~~ ~~which~~ ~~take~~ ~~advantage~~ of ~~precisely~~ ~~the~~ ~~sort~~ of ~~password~~ ~~reuse~~ ~~that~~ ~~password~~ ~~managers~~ ~~exist~~ to ~~prevent.~~ ~~“People~~ ~~take~~ ~~lists~~ ~~like~~ ~~these~~ ~~that~~ ~~contain~~ ~~our~~ ~~email~~ ~~addresses~~ ~~and~~ ~~passwords~~ then they ~~attempt~~ to ~~see~~ ~~where~~ ~~else~~ ~~they~~ ~~work.~~	“If you’re one of those people who think it won’t happen to you, then it probably already has. Password-managing applications are now widely accepted and they are much easier to integrate into other platforms than before.
	“Plus, they help you generate a completely random password for all of your different sites and apps. And if you’re questioning the security of a password manager, they are incredibly safer to use than reusing the same three passwords for all your sites.”
	Hunt warned the primary use for such a dataset is “credential stuffing” attacks, which take advantage of precisely the sort of password reuse that password managers exist to prevent. “People take lists like these that contain our email addresses and passwords then they attempt to see where else they work,” he said.
“The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”	“The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because its subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”
Hacking	Hacking
Cybercrime	Cybercrime
Data and computer security	Data and computer security
Data protection	Data protection
Internet	Internet
	Internet safety
news	news
Share on Facebook	Share on Facebook
Share on Twitter	Share on Twitter
Share via Email	Share via Email
Share on LinkedIn	Share on LinkedIn
Share on Pinterest	Share on Pinterest
Share on WhatsApp	Share on WhatsApp
Share on Messenger	Share on Messenger
Reuse this content	Reuse this content

Previous version 1 2 3 Next version