Huge data breach reveals hundreds of millions of emails and passwords from across the internet

Logins were made easily available for anyone to download

Huge data breach reveals hundreds of millions of emails and passwords from across the internet

Hundreds of millions of email addresses and passwords have been posted online for anyone to download.

Nearly 800 million logins are in the huge dump which contains information from thousands of data breaches.

The stolen details are likely to be in use for years as hackers attempt to take over affected users accounts.

Cybersecurity expert Troy Hunt said a list of more than 2.6 billion records containing around 773 million unique email addresses and more than 21 million unique passwords was being shared on a "popular hacking forum".

Mr Hunt said his initial analysis of the data, which has been dubbed Collection £1, found it had been compiled from more than 2,000 different data breaches and hacked databases or websites, confirming some of his own personal information had also appeared in the lists.

The database did not appear to contain any more sensitive information - such personal finance information and credit card details, he said.

Mr Hunt claimed his research on the list suggested around 140 million of the email addresses had not appeared in previous breaches and were therefore newly exposed details.

He warned the lists could be used by hackers to carry out "credential stuffing" attacks, where hackers take lists of usernames and passwords and enter them on a range of other platforms to try and force access to different user accounts.

"In other words, people take lists like these that contain our email addresses and passwords then they attempt to see where else they work," he said.

"The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because its subsequently been breached and you've been using that same password all over the place, you've got a serious problem."

The security expert called on people to check the website Have I Been Pwned, a data breach monitoring website which can tell users if any email address they use has ever been compromised in a hack, and to change any passwords linked to exposed accounts.

"If you're reusing the same password(s) across services, go and get a password manager and start using strong, unique ones across all accounts. Also turn on 2-factor authentication wherever it's available," he said.

The database and its contents - though mostly a collection of data from other incidents - could be considered one of the largest data breaches ever, exceeding the 500 million accounts affected by a Marriott breach that was confirmed in December, but far less than the three billion accounts hit by a breach on Yahoo in 2013.

Additional reporting by Press Association

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in