773 Million Emails, 21 Million Passwords Leaked in ‘Largest Breach Ever’

Link

The breach involved 87 gigabytes of data including almost 2.7 billion rows of email addresses and passwords spanning at least 772,904,991 email accounts and 21,222,975 unique passwords. The data is allegedly a collection of more than 2,000 leaked databases.

The date of the breach was reported as Jan. 7. The data was uploaded to the popular cloud service MEGA, which has since been taken down. The data was also being distributed on a popular public hacking forum.

Some people just want to watch the world burn...

“They weren’t even for sale; they were just available for anyone to take,” Wired.com noted.

Thats a hell of a breach, who could possibly have that many credentials in 1 database to hack?

Somethings a foot.. I cant help but feel this is related to the Hong Kong Flash Crash

originally posted by: Agit8dChop
Thats a hell of a breach, who could possibly have that many credentials in 1 database to hack?

Did you read the quote you posted?

The data is allegedly a collection of more than 2,000 leaked databases

a reply to: ArMaP

Possibly the collection is screened/ aggregated so just to cover each individuals details once , ie one email addesses each person listed

a number like 771 million equates to being similar number to the whole EU population 740 million

a reply to: Agit8dChop

87 gigabytes of data

Have you been affected?

Just input your username and password into this search to find out.

originally posted by: toms54
a reply to: Agit8dChop

87 gigabytes of data

Have you been affected?

Just input your username and password into this search to find out.

Did you leave something out in your post?

Like the link to "this search"...

originally posted by: mobiusmale

originally posted by: toms54
a reply to: Agit8dChop

87 gigabytes of data

Have you been affected?

Just input your username and password into this search to find out.

Did you leave something out in your post?

Like the link to "this search"...

Whoosh...lol

a reply to: mobiusmale

I think you missed the joke in his comment.
Or I am reading too much into it.
Its early yet, bear with me lol.

They got mine--was contacted by ID protection service that there had been "a dark web compromise" of my email. Anyone have more info on this?

Changing out all my security settings. Good times.

Is there any way to find out if I'm affected without downloading 84 gigs of it?
Some website stated that hacked data was from 2008-2015. That's actually quite positive.

originally posted by: Metallicus

originally posted by: mobiusmale

originally posted by: toms54
a reply to: Agit8dChop

87 gigabytes of data

Have you been affected?

Just input your username and password into this search to find out.

Did you leave something out in your post?

Like the link to "this search"...

Whoosh...lol

That is funny, those are the people who would put their info in to see if it was compromised lol !

There's a really useful website I have been using for a few years that searches database leaks, pastebins, all kinds of things. You can enter your email address to see if you have been affected by leaks like this, it's pretty legit and can help you decide whether or not you need to change your password. It seems I have been affected on one of my emails by this latest leak.

www.haveibeenpwned.com...

a reply to: KiwiNite

Apparently "Collection 1" is just the start of this major list of email/password data. There appear to be Collections #2 - #5 as well.

Troyhunt.com

Q. Will you publish the data in collections #2 through #5? Until this blog post went out, I wasn't even aware there were subsequent collections. I do have those now and I need to make a call on what to do with them after investigating them further.

According to the Have I Been Pwned website, my e-mail address is in Collection #1.

I'm curious whether this huge hacked data release is related to that individual who claimed to have compromising data from companies related to 9/11 and other important "secrets."

-dex

a reply to: Agit8dChop

All my email accounts have been listed in data breach dumps. Sad as it sounds, people should take it for granted their emails are getting hacked on a regular basis. Changing passwords is the best way forward and using phrases helps a lot.

have i been pwned?

Enter email addresses into the above link and see if they've been included in dumps.

Emails are easy enough to generate.
I wouldn't be too worried if your emails are on there.
You NEED to worry if any passwords you are still using are!!
Check those too here:- Password check on HIBP

I've been alerted to breaches on multiple occasions. I use a password manager now and routinely change passwords with long random character passwords.

The worst was when Adobe got hit since I both own and subscribe to their software. They provided me with identity protection for free and alerted me to the breach quickly. Good company and I applaud how they handled it.

Another company that got hit did not alert me to it. Needless to say I don't go there or do business with them anymore.

It's just something that's a fact of life like we need air to breath. We have to defend ourselves by using password managers and identity protection.

Personally I email myself a little hidden tracking token so I can see if anyone has opened any of my emails.
I name it something enticing like bitcoin wallet address + password with false info within.
Also to onedrive, gdrive, dropbox etc.
Works a treat.

a reply to: Agit8dChop

Thats a hell of a breach, who could possibly have that many credentials in 1 database to hack?

what if @gmail or @live had been hacked? They'd surely have that much data of that kind stored

shouldn't be accessable though . . . "built in backdoors" anyone?

From what I can gather my emails on there are the one's I sign up for offers and other crap so could be from anywhere.
Adobe and Dropbox where well known which are there.

Looks to me like a drop of all the hacked databases from the last 4-5 years.

Having your email address and also having the password or being compromised are two different things.

As far as site account credentials, most sites are not saving passwords so are they actual passwords or hashes.

I would imagine it is not all email related.