This is one of the largest data breaches in the history of the internet.
Security researcher Troy Hunt has revealed that a total of 772,904,991 emails and 21,222,975 passwords have been breached online.
This specific data dump, called "Collection #1," is a stack of multiple leaked databases that include passwords that have been cracked and holds within itself 2.7 billion records. The stack consists of 87GB of data and contains over 12,000 files.
Hunt stated that the data was leaked on a cloud-based sharing website, Mega which Hunt refers to as a hacking forum. The way the passwords have been retrieved by the hackers is when a user logs into a website and saves the password; their password gets stored in the form of hash –– a long string of numbers and letters that are generated with a computer algorithm.
The next time a user enters the password, the algorithm calculates the password and matches it with the stored hash and logs in if there is a match. The latest breach indicates that the hackers have collected and presented the password in the form of plain text in Collection #1.
How does one check if their details have been breached?
Hunt stated that users could check if their unique email id and passwords have been breached and added to the collection. Users can log in to ‘Have I been Pwned’, Hunt’s website where he has loaded the collection. The system will trace the collection and find if the user’s id or password has been compromised or not. The website also tells users how many times their account was breached previously, the IP address from where the account was accessed, location among other things.
Secondly, users can head to ‘Have I Been Pwned’s companion platform called Pwned Passwords, and type in any password combination that they can use to see if that particular combination has ever been leaked in any of the previous data breaches.
How is this different from the information that Facebook and Google collect?
We often hear about tech giants like Facebook and Google who are under the scanner for sharing user data with other companies without the direct consent of the user regarding the usage of this data.
Emails and passwords are set up by the user on Facebook and Google and the user, while signing up, agrees to the information shared with the company.
In the present case, this data - emails and passwords- were stolen without the user's consent. This is one of the largest data breaches in the history of the internet.
In 2016, nearly 300 Million email accounts were hacked.
