More than 770 million email addresses and 22 million unique pbadwords have been found online by information security researcher Troy Hunt, owner of the infosec website, Have I Been Pwned.
Possibly the biggest data breach ever
The data file with all the email addresses and pbadwords has been loaded into Have I Been Pwned so that people can verify if they are affected by the violation.
As of now, it is not clear who originally loaded the data or where the violation originated. The data dump, which is found in a "popular hacker forum", contains 2,692,818,238 rows of data, collected from thousands of sources.
After Hunt cleaned up the data dump, "hackers are hackers, they do not always format their data dumps in an easily consumable way," says Hunt. plain text pbadwords.
Where were these data downloaded?
According to Hunt, it was addressed to MEGA, a popular platform in the cloud, which contained a large amount of data distributed in more than 12,000 different files, under the heading of the "Collection # I" directory, which he called this violation. The files amount to more than 87 GB of data that was shared in the "popular piracy forum" mentioned above.
The sources supposedly referring to the data files may or may not have been subject to previous violations, says Hunt, but confirms that their own data is between the email addresses and the pbadwords that are shared.
"Like many of you who read this," writes Hunt in the blog post announcing the violation, "I have been in several data breaches before they have given rise to my email addresses and yes, my pbadwords, which circulate in public, fortunately, only the pbadwords that are no longer in use, but I still feel the same sense of consternation that many people who read this will do when they see them appear again. "
How to verify if your information has been shared
Hunt has loaded all the data securely on your site so that visitors can check if they have been affected by the infringement, which many of you who read this will be.
"Around 2.2 million people currently use the free notification service [offered by Have I Been Pwned] and 768k of them are in this gap, "according to Hunt, so it's safe to say that one in three readers of this article will likely be affected, if not more.
In addition, Have I Been Pwned has a searchable database of compromised pbadwords that Hunt site users can use to see if their pbadwords have been compromised in a violation. According to Hunt, half of the pbadwords in Collection #I are not already in the database, which means that they have only been compromised.
Hunt is emphatic in his warning to the public: "If, like me, it's on that list, the people who intend to enter their online accounts are circulating among them and looking to take advantage of the shortcuts they may be taking. your online safety, my hope is that for many, this is the message they need to make a major change in their online security posture. "