A collection of nearly 2.2 billion unique usernames, passwords and other data has now been shared online (Image source: Reuters)A collection of nearly 2.2 billion unique usernames, passwords and other data has now been shared online, named Collection #2-5. This comes after Collection #1 was shared online which had leaked over 773 million unique users names and passwords in what was called as record breach.
According to a report on Wired, the collection of unique usernames and associated passwords has been freely distributed on hacker forums and “circulated widely among the hacker underground.”
Researchers and analysts at Hasso Plattner Institute in Potsdam, Germany have analysed the data and said that this is three times of what was found in Collection #1, notes the report. The data is nearly 845 GB with a total of 25 billion records in all.
The report notes that a lot of data appears has come from previous thefts, such as breaches of Dropbox, Yahoo, LinkedIn, etc. For many users, the passwords could be from years-old leaks.
The Hasso Plattner Institute has also created an Identity Leak Checker for those who are worried about their private information being compromised.
How to check if your email id, password has been leaked
According to the HPI website, the leak checker will look for whether your email address and other personal data, such as telephone number, date of birth or address, has been made public on the Internet where it can be misused for malicious purposes.
The leak checker points out that, “Everyday personal data is stolen in criminal cyber attacks. A large part of the stolen information is subsequently made public on Internet databases, where it serves as the starting point for other illegal activities.”
Users can enter their email id on the website to see if their information was ever compromised in a data breach. The chances are that if you have used your main email addresses for other services like say Disqus or Dropbox, it has likely been compromised.
After you enter your email id, the HPI website sends an email alerting you of where all your information has been compromised. In our case, one email id’s password was compromised in four breaches: Zomato, Dropbox, Adobe and Disqus.
If your email id and password were compromised, it will show a verified tick next to it. According to the website, it is recommended that users change their password with that particular account if they have not done so in the past.
The email also notes, “A verified leak (indicated with ✓) is a data leakage that was either confirmed by the service provider or there are many hints that point to an actual leak of the service. For a non-verified leak (without ✓), the origin of the leaked data and its authenticity are unclear.”
The website does not give out any information on the specific data involved in the named categories because of security reasons.
