Security experts have warned about the perils of going online, but our lives have taken a dramatic turn towards digitalisation, making it difficult to stay away from the internet. Adding to the series of events where hundreds and millions were affected by some form of cyber-attack at any point in time, a new data breach has come to light that affects over 700 million users with an email account.
Cybersecurity expert Troy Hunt discovered a massive trove of email IDs and passwords dumped online for anyone to take. Hunt took to his blog to reveal his findings on the latest data breach, which is not only one of the largest ever but is second only to Yahoo's breach in 2013, which affected nearly 3 billion accounts.
In addition to 772 million email addresses, nearly 22 million unique passwords were dumped in plain text online. All the leaked data appeared in a folder "Collection #1" on cloud storage service MEGA, which Hunt likes to call "a popular hacking forum." The folder containing 2.6 billion records weighed in at 87GB, and the hackers did not seem to be interested in any monetary gain from the leak.
The monster data breach did not include other sensitive information, such as banking or credit card details, but the fact that it accurately listed people's email IDs and passwords is alarming on its own. As proof of the breach's authenticity, Hunt said that the trove contained his correct email address and a password he'd used many years ago.
The data breach doesn't appear to come from a single source, but from a collection of more than 2,000 dehashed databases.
"It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There's no obvious patterns, just maximum exposure," Hunt told WIRED.
Hunt, the brains behind the website haveibeenpwned, said he loaded the email addresses and passwords found in the breach onto his site to help people see if they are affected. Users can visit Hunt's website and enter an email address or even a password to see if it has been exposed.
If the website warns "Oh no – pwned!" it's certainly time to change your passwords immediately. If your email address or password is not "pwned," it's better to practice caution to prevent future attacks. One way to do so is trying out a password manager, such as 1Password, to securely store your credentials.
It is important to understand the value of having a strong password for your online accounts. A combination of letters, numbers and special characters is always recommended. Experts also warn against using the same password for multiple accounts; instead, it is better to pen down all passwords in a notebook and store it in a safe. Most services now allow two-factor authentication, and it should become a practice for all users to have the feature enabled, as it makes it harder for hackers to break in.