Massive collection of credential leaks discovered

My favourite Queenslander, Troy Hunt from haveibeenpwned.com, has released the largest collection of leaked credentials.

Dubbed Collection #1, the database contains 2.6 billion rows of email addresses and passwords gathered from thousands of breaches and other sources. Removing duplicate entries prunes the database down to 1.2 billion unique email and password combinations. Further cleaning of entries containing invalid email addresses (illegal delimiters, SQL injection statements and other garbage) yielded a still record-breaking 773 million records for the website.

So why is this important?

This database contains email addresses and passwords that hackers have been using to try to compromise accounts, because they know that a majority of people reuse passwords. Going on this theory, hackers often take an authentication pair (username and password) and try it against all the popular services they can think of (Google accounts, Facebook, Twitter, popular email services, etc.) in order to gain control of those accounts. Once an account is compromised, it is either sold on the black market or used to forge an identity.
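Seen from the service on the receiving end, the password-reuse attack described above leaves a recognisable shape in login logs. The following is an added example, not part of the original post: a detection heuristic run over a constructed log, where the log format, the thresholds and the function name are all assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2019-01-17T10:00:01Z 203.0.113.7 alice@example.com FAIL
2019-01-17T10:00:02Z 203.0.113.7 bob@example.com FAIL
2019-01-17T10:00:03Z 203.0.113.7 carol@example.com OK
2019-01-17T10:00:04Z 203.0.113.7 dave@example.com FAIL
2019-01-17T10:00:05Z 203.0.113.7 erin@example.com FAIL
2019-01-17T10:00:06Z 203.0.113.7 frank@example.com FAIL
2019-01-17T10:05:00Z 198.51.100.20 bob@example.com FAIL
2019-01-17T10:05:09Z 198.51.100.20 bob@example.com FAIL
2019-01-17T10:05:20Z 198.51.100.20 bob@example.com OK
this line is malformed and is skipped
"""

def find_stuffing_sources(log_text, min_users=5, max_tries_per_user=2, min_fail_ratio=0.8):
    """Flag source IPs whose logins look like a replay of leaked pairs.

    Assumed heuristic: many distinct accounts, only one or two tries each
    (the attacker holds one candidate password per account), mostly failing.
    Thresholds are illustrative and need tuning per service.
    """
    tries = defaultdict(lambda: defaultdict(int))   # ip -> username -> attempts
    fails = defaultdict(int)                        # ip -> failed attempts
    hits = defaultdict(set)                         # ip -> usernames that logged in
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue                                # skip malformed entries
        _, ip, user, result = fields
        user = user.lower()
        tries[ip][user] += 1
        if result == "OK":
            hits[ip].add(user)
        else:
            fails[ip] += 1
    flagged = {}
    for ip, per_user in tries.items():
        total = sum(per_user.values())
        if (len(per_user) >= min_users
                and max(per_user.values()) <= max_tries_per_user
                and fails[ip] / total >= min_fail_ratio):
            # Accounts in hits[ip] accepted a replayed password: reset them.
            flagged[ip] = {"accounts_tried": len(per_user),
                           "accounts_to_reset": sorted(hits[ip])}
    return flagged

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_LOG))
```

The second source in the sample, one user retrying their own password, is deliberately not flagged: it touches a single account, which is what separates a forgetful user from a replay of leaked pairs.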

For us, the simple takeaway is to make sure we use a unique password for as many services as possible. The smart money often goes to using password managers, as they not only remember our passwords for us but can also generate complex beasts of passwords automatically and fill in the username and password fields on our behalf.

For the full rundown from Troy, click here.
