"Collection #1" Massive Passwords and Emails Dump! Are You Affected?

in #hack · 6 years ago

Hello everyone! A new dump of passwords and emails was recently uploaded to MEGA, a popular file hosting site. A total of 772,904,991 unique email addresses and 21,222,975 unique passwords were exposed in this dump. It was reported on 15 Jan 2019; however, the dump was likely made a month earlier, on 15 Dec 2018.


Is this a new data breach?

Yes and no. According to Troy Hunt, the security researcher who discovered this dump, only 140 million of the 772 million email addresses were new records. Among the 21 million passwords, only half are new entries. Hence, I think this is a consolidated list of a few previous breaches with some new ones.


How do I know if I am affected?

Troy Hunt is the founder of the site "';--have i been pwned?", and he has updated the site's list to reflect the "Collection #1" breach. You can head over to the site and check whether your email address is found in the dump. Having been affected by a few of the previous breaches, I am not surprised that my main email address is part of the list.

If you are unsure whether the site will store your information, you can read their privacy FAQs. You have to take their word for it, though. How nice would it be if it were decentralized and open-sourced 😎.


What should I do if I am affected?

The immediate thing to do is to change your passwords. The next thing to do, if you have not done so despite my multiple warnings 😠, is to start using a password manager. A password manager helps you keep track of your passwords for different sites, which allows you to create a unique password for each site instead of reusing them. Why is this important? Because of a common attack known as "Credential Stuffing".

Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.

If your credentials are breached on one site and you use the same ones on another site, then your account on that other site will be susceptible to "Credential Stuffing" attacks.

Last but not least, enable multi-factor authentication (MFA) wherever the site supports it. MFA protects you against "Credential Stuffing" attacks because having just your password is insufficient to log in to your account.
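As an added example (not part of the original post), here is how credential stuffing looks from a site operator's side: one source trying many different usernames in a short burst, mostly failing, which is what separates it from brute forcing a single account. The log format, thresholds and function names are assumptions made for this illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log; the format is an assumption, IPs are documentation ranges.
SAMPLE_LOG = """\
2019-01-15T10:00:01 ip=203.0.113.7 user=alice result=FAIL
2019-01-15T10:00:03 ip=203.0.113.7 user=bob result=FAIL
2019-01-15T10:00:05 ip=203.0.113.7 user=carol result=FAIL
2019-01-15T10:00:08 ip=203.0.113.7 user=dave result=FAIL
2019-01-15T10:00:11 ip=203.0.113.7 user=erin result=OK
2019-01-15T10:00:14 ip=203.0.113.7 user=frank result=FAIL
2019-01-15T10:01:00 ip=198.51.100.20 user=alice result=FAIL
2019-01-15T10:01:02 ip=198.51.100.20 user=alice result=FAIL
2019-01-15T10:01:04 ip=198.51.100.20 user=alice result=FAIL
2019-01-15T10:02:00 ip=192.0.2.15 user=grace result=FAIL
2019-01-15T10:02:20 ip=192.0.2.15 user=grace result=OK
"""
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, ip, user, success) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, max_success_rate=0.25):
    """Return {ip: accounts that logged in OK} for sources that look like stuffing."""
    by_ip = defaultdict(list)
    for event in parse(log_text):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of wall-clock time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            users = {e[2] for e in burst}
            rate = sum(e[3] for e in burst) / len(burst)
            # Many distinct usernames, few successes: stuffing, not one-account guessing.
            if len(users) >= min_users and rate <= max_success_rate:
                # Accounts that did log in from this source reused a breached password.
                flagged[ip] = sorted({e[2] for e in events if e[3]})
                break
    return flagged
```

On the sample log only 203.0.113.7 is flagged, and "erin" is the account that needs a forced password reset; the single-account guessing from 198.51.100.20 and the user who mistyped once are left alone.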


Why is the data dump called "Collection #1"?

As shown in the image of the data dump, the original uploader named it "Collection#1" (top left corner). Hence, Troy Hunt also used the same name. This suggests that it is not the only data dump and that more are likely to follow.

[Image: troyhunt_MEGA.png]


Conclusion

The internet is subject to constant attacks and breaches. Do not assume that the site owners are going to keep you safe. Take security seriously: it is up to you to stay safe in the cyber realm. And of course, follow me if you want to be kept informed of serious breaches like this one :). Thanks for reading and do share your thoughts on this incident.


oh crap, i got pwned in many many sites arghhh

Gotta change your passwords man. Haha..

Posted using Partiko Android

As far as I know, I'm not.

That's good to know!
