By Sheetal Sukhija, Asia Bulletin
19 Jan 2019, 12:24 GMT+10
NEW YORK, U.S. - In a revelation that has emerged as one of the biggest shockers in the global cybersecurity industry so far this year, a trove of the largest collection of breached data from across the world has been found.
A security researcher has discovered the 87GB data dump, that reportedly contains a whopping "1,160,253,228 unique combinations of email addresses and passwords."
The breached data, called the 'Collection #1' has been discovered by Troy Hunt, who runs the Have I Been Pwned website and posted details about the database in a blog post.
Hunt wrote that he found a massive folder containing about 12,000 separate files on the cloud platform MEGA, with nearly 87GB of data.
Digging deeper
According to Hunt, the data was made up of "many different individual data breaches from literally thousands of different sources."
He estimated, "Collection #1 has 2,000 separate databases that contain 1,160,253,228 unique combinations of email addresses and passwords and 21,222,975 unique passwords."
In the blog post, Hunt wrote that most of the email addresses compiled in Collection #1 have appeared in previous breaches, including the 2008 hacking of 360 million MySpace accounts and the 2016 exposure of 164 million LinkedIn accounts.
According to his breach-notification service, there are about 140 million email addresses and 10 million passwords in the collection that have never been seen before.
Hunt claims that those "email addresses could come from one large unreported data breach, many smaller ones, or a combination of both."
The databases discovered by Hunt contained fully exposed, 'rehashed passwords' - which he said makes the users vulnerable to credential stuffing, where compromised login credentials are used to hack into other accounts associated with them.
Experts boggled
Reports noted that MEGA administrators have now taken down the 87gb download but not before it was downloaded multiple times.
Commenting on the mega-breach, a cybersecurity expert at ESET U.K., Jake Moore was quoted as saying, "It is quite a feat not to have had an email address or other personal information breached over the last decade. If youre one of those people who think it wont happen to you, then it probably already has. Password-managing applications are now widely accepted, and they are much easier to integrate into other platforms than before. Plus, they help you generate a completely random password for all of your different sites and apps. And if youre questioning the security of a password manager, they are incredibly safer to use than reusing the same three passwords for all your sites."
Meanwhile, cybersecurity journalist Brian Krebs revealed that Collection #1 is just one batch of data being offered by a seller who claims to have at least six more.
Alex Holden, CTO of Hold Security told KrebsOnSecurity that the data appears to have first been posted to underground forums in October 2018.
Holden, who runs the company specializing in trawling underground spaces for intelligence about malicious actors and their stolen data dumps, explained that Collection #1 is "just a subset of a much larger tranche of passwords being peddled by a shadowy seller online.
Get a daily dose of Asia Bulletin news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to Asia Bulletin.
More InformationMONTPELIER, Vermont - Soon after announcing he is having another tilt at the presidency, U.S. Senator Bernie Sanders has named a ...
NEW YORK, New York - The FBI began an investigation into whether U.S. President Donald Trump was a Russian agent, ...
PERTH, Western Australia - An international drug ring operating in the West Australian capital of Perth has been dismantled. In ...
WASHINGTON DC - A U.S. Congressional committee is exploring whether the Trump administration is planning to provide Saudi Arabia with ...
The peace agreement signed by 15 warring parties in the Central African Republic has been hailed by the UN Children’s ...
WASHINGTON DC - U.S. President Donald Trump has called on the Venezuelan military to abandon their president, and to throw ...
NEW YORK, New York - U.S. stocks made modest gains on Wednesday as investors and traders contemplated minutes of the ...
DUBLIN, Ireland - Ireland's Minister for Agriculture, Food and the Marine Michael Creed met up with Jean-Yves Le Drian, the ...
SYDNEY, Australia - Investors ansd traders in Asia were in a good mood Wednesday sending all the major indices out ...
DUBAI, UAE - The property market in Dubai has been sinking since 2014, and is likely to remain depressed for ...
NEW YORK, New York - Wall Street continued its rally on Tuesday, although gains were modest. The big action on ...
LONDON, UK - The founder of Huawei has hit back at U.S. criticism of his company, accusing the United States ...
DUBLIN, Ireland - Following its successful acquisition of Hollywood-based Blindlight, Irish video-gaming company Keywords Studios has now announced its latest accomplishment. Keywords r ...
Read More