On many occasions we have recommended some basic security practices, like not using the same password on every site we use, or enabling measures like two-step authentication. But sometimes that’s not enough. If an attacker gets directly into the database of a website we use, we probably won’t be able to do much about it, and the data leak happens.
Now repeat that, billions of times. Specifically, 2,692,818,238 times. That’s the number of records in “Collection #1”, the database that has just been released on the Internet by unknown sources, and which stores an absurd number of email addresses and passwords.
Largest data leak in history
This is the largest data leak in history; it is so much data that it takes up 87 GB of storage on its own. This was revealed by security expert Troy Hunt, who had the titanic task of reviewing the database and seeing to what extent we should fear for our security. Hunt received the database anonymously through an account on MEGA, the file-sharing service; although it has already been deleted from the original account, it is inevitably already being shared all over the Internet.
The figures in Collection #1 are a little dizzying. The database is made up of 2,692,818,238 entries, although in reality we are dealing with a kind of Frankenstein monster. The data comes from thousands of leaks from different sites and services; the creators of this database have gathered the “spoils” of these attacks in one place.
This brings us to the second figure: the database contains more than a billion unique combinations of email and password; therefore, more than a billion entries are repeated, probably because users have used the same password on different attacked sites.
Hundreds of millions of leaked email addresses and passwords
The only positive thing is that some of this data cannot be used, or at least not easily; in some cases the hackers who initially obtained the data sabotaged or encrypted it, and for some entries only compressed files are kept.
After the initial cleanup, Troy Hunt discovered more than 770 million unique email addresses. This is the largest number of emails leaked at one time. With such a large number, it is very likely that if you are reading these words, this leak has affected you. The other important fact is that more than 21 million unique passwords have been found; this really reveals the extent to which we repeat the same password across different services.
Of course, there is a margin of error for all these figures. These hackers are not exactly clean and tidy, and there are many entries with strange characters, and even traps in the form of SQL strings (in case someone tries to add this database to their system). Some passwords are also “hashed”, that is, they have been passed through algorithms that are the first line of defense in a service; however, that does not mean that they have been properly encrypted, and it is usually possible to obtain the content of a hash.
How to tell if your data has been leaked
This database is already being shared in hacking forums, as well as on Dark Web sites. Considering the figures we’re talking about, it’s very likely that you’re affected. Fortunately, there’s a sure way to find out.
Troy Hunt is also responsible for Have I Been Pwned, one of the best security sites, which we have already recommended on other occasions. This site is very simple: we only have to enter our email address, and the site will tell us if it appears not only in the list of Collection #1, but also in other leaks in recent years.
In addition, we can also use Pwned Passwords to check if our password is being shared. This doesn’t always work, as it is possible that the password has been stored encrypted or “hashed”; but it is important to check it as well.
If our email appears in the database, a warning will appear and we will receive some advice. The most important thing is to change the password on all the sites that we use, or to use applications or services to generate new, more secure passwords. It’s a long and tedious process, but the magnitude of the leak is such that there aren’t many alternatives at the moment.