A file with more than 773 million passwords and e-mail logins was discovered held by virtual criminals on Thursday (17). Cybersecurity expert Troy Hunt has reported the post leak on his personal blog, and estimates that the 87GB file contains about 21 million unique codes and a billion combinations of emails and passwords.
READ: Forbidden! View passwords you should never use
According to the numbers, this attack outweighs that suffered by Yahoo in 2016, making it the biggest data steal in history. The file was found after being hosted briefly on the Mega site, and gathers credentials of different leaks and various hacking actions. It is not known who is behind the elaboration of the third-party password bank. Possible victims can see if they were affected by the attack by reporting the email address on the Have I Been Pwned website.
Criminal scam database found online
Want to buy cell phone, TV and other discount products? Know the Compare
The folder with the file was briefly hosted on Mega, the famous cloud storage service, and now circulates through popular forums used by hackers. Named as Collection # 1, the data does not present a logical sequence that characterizes the attacks. "It just seems like a completely random compilation of sites to maximize the number of access credentials available to hackers, " Troy Hunt told Wired.
The file is composed of information stolen from a number of separate criminal actions. It was not possible to identify the source of the hacker activity, but Hunt told Wired that the file aggregates more than 2, 000 previously leaked databases. Even with data from other attacks, the file contains more than 140 million addresses that were not yet cast.
The information indicates that many attacks have not been identified, whether small or large. The criminal backup resulted in a gigantic collection of more than a billion email and password combinations and 21 million unique passwords. The number surpasses the attack Yahoo suffered when 500 million data was stolen, so that may be the biggest data theft in history.
How to check if your login and password were hacked
The expert who obtained the file with stolen credentials is also an administrator of the Have I Been Pwned password service. The portal has stored the database and allows you to verify via an email address whether the access data has been exposed in that leak.
In addition to verifying that your login has been compromised, it is important to keep your password always up to date and to use characters that do not link to phone numbers and other personal information. It's also a good idea to enable 2-step verification of important entries, such as social networking and email. TechTudo also offers a list of services that help identify leaked passwords. Here's how to use Have I Been Pwned to see if your email is safe.
Step 1. Access the Have I Been Pwned and check "I am not a robot" to advance the Captcha check;
Screen with Captcha Check Site Have I Been Pwned
Step 2. Enter your email address and press the "Pwned" button. The site will then tell you if your password has been stolen.
Action on the Have I Been Pwned website to check if an email had leaked data
Via Wired and The Next Web
How to remove password from MS Outlook PST file? Ask questions in the Forum.
How to find the Wi-Fi password for your current network in Windows