The biggest collection of hacked emails ever discovered has been leaked online. The enormous cache of email address credentials was found by a security researcher on a hacking forum.
It is believed that the enormous treasure trove of hacked email credentials was uploaded to the forum in mid-December. It consists of more than 770 million email addresses and passwords.
The massive collection of passwords was discovered by Troy Hunt, who runs the Have I Been Pwned breach notification website. According to Hunt, the cache of passwords is most likely the result of various different
On his website, Hunt explains that “in total, there are 1,160,253,228 unique combinations of email addresses and passwords” and “21,222,975 unique passwords”.
According to Hunt, the vast majority of the hacked email credentials have appeared online before. He concludes that the majority came from hacks such as the 360 million MySpace accounts hacked back in 2008 or the 164 million LinkedIn accounts hacked in 2016.
Many new passwords
That said, the security researcher was able to ascertain that at least 140 million email addresses from this leak had never been featured in his Have I Been Pwned (HIBP) database.
Consumers are being advised not only to check to see whether they have been affected by this (or a previous) breach by entering their email into
More importantly, anybody who has not set up dual-factor authentication on their email account is strongly advised to do so. This will stop hackers from getting in using a password alone.
Password managers and unique passwords
As is always the case when this kind of breach is made public, it is a serious reminder of the need for consumers to use complex and unique passwords. Often when hacks occur, cybercriminals will reuse the leaked credentials to try to get into secondary online services such as social media accounts on Twitter and Facebook.
Consumers who use the same password and email address to access various accounts always leave themselves open to the possibility of cross-service penetrations. It is for this reason that it is so vital for consumers to use a variety of unique passwords across their accounts. What’s more, due to sophisticated brute force techniques, it is essential for passwords nowadays to be difficult to guess.
A long chain of random characters, numbers, and symbols is always best.
Password managers let people protect all their accounts with strong unique passwords while allowing them to remember just one password for the password manager itself.
The best password managers (KeePass or BitWarden) use end-to-end encryption to protect users’ passwords. This is a highly secure method of ensuring all accounts have a unique strong password because only the user holds the keys. (this does mean that,
Other password managers such as FastPass encrypt the passwords on their servers themselves and hold a copy of the key. This allows for account recovery, but is nowhere near as secure.
This applies to you!
Finally, for anybody who thinks they haven’t been penetrated - it is worth noting that cybersecurity experts such as
Jake Moore at ESET UK
Remember, even high-profile tech personalities such as Facebook’s Mark Zuckerberg have had account breaches, so just assuming it hasn’t happened to you is not a good way of thinking.
Update your passwords regularly and ensure they are long and complex with a combination of standard letters, capitals