
2B email addresses and 1.3B passwords compromised in multiple data breaches

Some 2 billion email addresses and 1.3 billion passwords have been compromised in a series of data breaches highlighted by a cybersecurity company.

Microsoft regional director Troy Hunt, who runs the site Have I Been Pwned, says the stolen data is more extensive than anything the site has ever processed …

To be clear, this isn’t a single data breach. Instead, security company Synthient sought out stolen logins available on the dark web and compiled them into a single database before eliminating duplicates to find out the total number of credentials available. Hunt says the company isn’t exaggerating.

I hate hyperbolic news headlines about data breaches, but for the “2 Billion Email Addresses” headline to be hyperbolic, it’d need to be exaggerated or overstated – and it isn’t. It’s rounded up from the more precise number of 1,957,476,021 unique email addresses, but other than that, it’s exactly what it sounds like.

Oh – and 1.3 billion unique passwords, 625 million of which we’d never seen before either. It’s the most extensive corpus of data we’ve ever processed, by a significant margin.

The data was found in what are known as credential-stuffing lists. The first thing an attacker does after obtaining email addresses and passwords from one website is to try them on hundreds of other websites, knowing that many people reuse the same passwords. This is why it is so dangerous not to have unique logins for every app, website and service you use.

What to do

If you want to know whether any of your own logins are found in this database, you can use the Pwned Passwords search feature. Hunt has designed this in such a way that the check is performed locally in your browser so that the site itself never gets to see your password.

If you don’t feel confident in this and are able to write your own code, then you can also use an API.

Additionally, you can sign up to be notified if your email address is found in any new breaches. This was how I learned of this particular database, although thankfully the password found was a login I used for a very minor website a great many years ago.

Either way, if you do not already have a unique login for every site you use, now would be a very good time to correct that. Start with the highest value websites like banks, financial services, Apple ID, Google accounts, and so on, and then work your way down.


Photo by Nahel Hadi on Unsplash


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

