A dump called “Collection #1” has been released by parties unknown, containing email addresses and cracked passwords. In its raw form, it contains 2.7 billion records, which Troy “Have I Been Pwned” Hunt de-duplicated to come up with 773 million unique records. Of those, 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before.



Collection #1 appears to have been created by cracking lots of online services of every size and description and subjecting their passwords to guessing programs that undid the hashing of millions and millions of them. It’s the kind of database that is of great use to “credential stuffers” who just throw known-good login/password combinations at services they want to attack until they get in.

The dump is on “a popular hacking forum” (having previously been available on Mega, the cloud service). It’s a folder with 12,000 files totalling 87GB.

Hunt has ingested this dump into the Have I Been Pwned? database, and you can search it to see if your credentials appear in it.


Pretty darn serious! While it doesn’t appear to include more sensitive information, like credit card or Social Security numbers, Collection #1 is historic for scale alone. A few elements also make it especially unnerving. First, around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database, meaning they’re not just duplicates from prior megabreaches.

Then there’s the way in which those passwords are saved in Collection #1. “These are all plain text passwords; if we take a breach like Dropbox, there may have been 68 million unique email addresses in there but the passwords were cryptographically hashed, making them very difficult to use,” says Hunt. Instead, the only technical prowess someone with access to the folders needs to break into your accounts is the ability to scroll and click.


Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach [Brian Barrett/Wired]


(Image: Cjp24, CC-BY-SA)


Cory Doctorow
