794 Million Emails And Passwords Were Leaked In A "Monster" Data Breach

Cannot stress it enough: change your passwords now.

If you throw a stone, you'll probably find someone who has been affected by the massive data breach that just happened.

Security researcher Troy Hunt - who maintains "Have I Been Pwned" (HIBP) - first reported the breach yesterday, 17 January, and has since dubbed it "Collection #1".

The latest breach - which other media outlets have reported as a "monster breach" - sees over 772,904,991 unique email addresses and over 21 million unique passwords leaked onto an online forum for hackers.

Although some of the data may have been brought over from previous breaches, Hunt said "there's somewhere in the order of 140M email addresses in this breach that HIBP has never seen before."

So what does this mean for you?

Well, if you're still using any of the passwords that ended up in "Collection #1", any of your other accounts on various sites could be at risk.

"People take lists like these that contain our email addresses and passwords then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services," explained Hunt.

He added, "Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because it's subsequently been breached and you've been using that same password all over the place, you've got a serious problem."

Whether you were affected or not, what steps should you take next?

First of all, check if any of your email addresses or passwords have been compromised on "Have I Been Pwned" and on "Pwned Passwords", respectively. Both are trusted websites that make it easy for the general public to check if their personal information has been compromised in any breaches or leaks.
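
The "Pwned Passwords" check above can also be scripted against the service's range API, which only ever receives the first five characters of the password's SHA-1 hash; the match is done locally. The Python below is an added example, not part of the original article: the helper names are hypothetical and the sample response and its counts are constructed so it runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the machine


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def range_url(password):
    """URL to GET: it carries the 5-character prefix, never the password."""
    return "https://api.pwnedpasswords.com/range/" + split_hash(password)[0]


def breach_count(password, range_body):
    """Search a range response (one 'SUFFIX:COUNT' per line) for our suffix.

    Returns how many times the password appeared in breaches, 0 if absent.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(password, count):
    """Build a CONSTRUCTED response body holding the password's suffix
    between two filler suffixes, standing in for the live API reply."""
    suffix = split_hash(password)[1]
    return "\r\n".join(["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":1"])


if __name__ == "__main__":
    reused = "hunter2"                          # constructed sample password
    body = constructed_response(reused, 17043)  # constructed count
    print("request:", range_url(reused))
    for pw in (reused, "a-long-unique-passphrase"):
        n = breach_count(pw, body)
        print(f"{pw!r}: " + (f"seen {n} times, change it" if n else "not in this range"))
```

Any non-zero count means the password should be retired everywhere it is used, regardless of which account it came from.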

Here are other important steps that you should take:
- Change all your passwords immediately,
- Do not use the same password on different sites,
- Enable two-factor authentication wherever possible, but especially for emails,
- Use a password manager app such as 1Password or LastPass.
