Welcome to the first big data breach of 2019. Data stored on cloud storage service MEGA has been reportedly compromised, resulting in more than 87GB of passwords and email addresses getting leaked.
Security researcher Troy Hunt has highlighted “Collection #1,” a set of records made up of 773 million unique email addresses and 21 million unique passwords.
Hunt, who maintains the ‘Have I been Pwned’ website that shows if an email appears in a breach, writes that Collection #1 is made up of 2,692,818,238 rows of email addresses and passwords across 12,000 separate files. The 87GB of data had briefly been accessible on cloud service MEGA and is now on “a popular hacking forum.”
He also warned that the lists could be used by hackers to carry out “credential stuffing” attacks, where hackers take lists of usernames and passwords and enter them on a range of other platforms to try and force access to different user accounts.
“In other words, people take lists like these that contain our email addresses and passwords then they attempt to see where else they work,” he said.
The security expert called on people to check the website Have I Been Pwned, a data breach monitoring website which can tell users if any email address they use has ever been compromised in a hack, and to change any passwords linked to exposed accounts.