Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA. In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data. The data, dubbed Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows that has allegedly come from many different sources.
Commenting on the news is Javvad Malik, security advocate at AlienVault:
“Collection #1 is a massive dataset of compromised credentials across many different breaches. It goes to show the magnitude of the breaches and how the cumulative effect is quite devastating. It serves as a reminder of the risks that come with reusing passwords, or how using email addresses as an identifier can compromise individual privacy. The silver lining is that companies can use the data from Collection #1 to enrich their detection capabilities by proactively looking at credential stuffing attacks, or blocking users from reusing passwords that have been compromised.”
(40)
