Did you receive an email this morning informing you that your personal information was exposed in a data breach called Collection #1? You’re not alone, and it’s a reminder to take precautions like enabling two-factor authentication and signing up for a password manager.
Security researcher Troy Hunt, who runs breach notification site Have I Been Pwned (HIBP), first reported the Collection #1 exposure. The massive trove of leaked data, which was posted to a hacking forum, includes some 772,904,991 unique email addresses and 21,222,975 unique passwords, Hunt said.
“Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows,” Hunt explained in a Thursday blog post. “It’s made up of many different individual data breaches from literally thousands of different sources.”
Hunt said he first caught wind of the breach last week when several people pointed him to a suspicious collection of files on the cloud service Mega. The 87GB collection, which contained more than 12,000 files, has since been removed from Mega, but found its way to a “popular hacking forum,” he wrote.
“My own personal data is in there and it’s accurate; right email address and a password I used many years ago,” Hunt wrote. “If you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.”
Some 768,000 of the 2.2 million people who use Hunt’s free breach notification service are affected by this breach and received an alert. If you don’t use that service, you can easily check if your information was included in the breach by visiting HIBP and entering your email address.
That tool won’t tell you which, if any, of your passwords leaked, but Hunt does offer a feature that lets you manually check your current passwords against a list of known breached ones. On the HIBP site, click “Passwords” at the top, then enter the password you’re concerned about (HIBP won’t see your actual password, according to Hunt).
“My hope is that for many, this will be the prompt they need to make an important change to their online security posture,” Hunt wrote. “If you’re in this breach and not already using a dedicated password manager, the best thing you can do right now is go out and get one.”
We here at PCMag have evaluated two dozen of the best password managers to help you choose. Our favorites include Keeper Password Manager & Digital Vault and Dashlane. If you’re short on money, check out our roundup of the best free password managers.