Collection 2 Data Breach Exposes 2.2 Billion Unique Accounts
A massive new data dump of 2.2 billion records is being distributed on hacker forums and torrents
A mammoth data dump database has grown much, much bigger, according to security researchers in Germany.
They warned that over 2 billion email addresses and passwords are being passed around on hacker forums.
It comes after security researcher Troy Hunt last month discovered one of the biggest data breaches ever found, involving 773 million email addresses and passwords that had been posted to a popular hacking forum in mid-December.
Bigger data
The 87GB data dump had been discovered by Troy Hunt, who set up ‘Have I Been Pwned’ (HIBP) as a simple location for people to check if their personal data had been compromised by any data breaches.
He has not yet updated his website with the latest “collection” data, but researchers at the Hasso Plattner Institute, who run their own Identity Leak Checker, have added to the ‘Collection #1’ data dump found by Troy Hunt.
The German researchers reportedly discovered that 611 million of the credentials in the new ‘Collections #2–5’ database weren’t included in the Collection #1 database.
The ‘Collections #2–5’ database reportedly contains 845 gigabytes of stolen data and 25 billion records in all.
This means that hackers have been exchanging a database that contains an estimated 2.19 billion email addresses and passwords.
“This is a start of something far more significant than anything we have seen before,” Jake Moore, cyber security specialist at ESET UK, warned Silicon UK via email. “Hackers are becoming even more sophisticated, and hopefully, this is a massive wake-up call to anyone with an email address.”
“The overarching statement here is that we need to adopt stronger layers of security, and this is the time to adopt a new way of managing passwords,” said Moore. “Using your three rehashed passwords is no longer going to cut it.”
What to do
If users are worried their email addresses have been compromised, they should visit either ‘Have I Been Pwned’ (HIBP) or the Hasso Plattner Institute’s Identity Leak Checker to run a check.
People affected should change their email passwords and consider using a password manager.
The ‘Collection #1’ and now the ‘Collections #2–5’ breaches are sure to go down as among the largest data breaches ever.
However, it should be remembered that they are still some way off the Yahoo data breach in 2013 that saw the compromise of 3 billion accounts worldwide.