A new security breach – Collection #1 – has seen close to 1-billion passwords compromised.
Sergey Lozhkin, security expert at Kaspersky Lab, comments: “This massive collection of data harvested through data-breaches had been built up over a long period of time, so some of the account details are likely to be outdated now.
“However, it is no secret that despite growing awareness of the danger, people stick to the same passwords and even re-use them on multiple websites.
“What’s more, this collection can easily be turned into a single list of e-mails and passwords: and then all that attackers need to do is to write a relatively simple software program to check if the passwords are working.
“The consequences of account access can range from very productive phishing, as criminals can automatically send malicious e-mails to a victim’s list of contacts, to targeted attacks designed to steal victims’ entire digital identity or money or to compromise their social media network data.”
Security blogger Troy Hunt writes that Collection #1 is a set of email addresses and passwords totalling 2 692 818 238 rows. It’s made up of many different individual data breaches from literally thousands of different sources.
In total, there are 1 160 253 228 unique combinations of email addresses and passwords, he adds, and a total of 772 904 991 unique addresses and 21 222 975 unique passwords once the data was cleaned.
Collection #1 has become the single largest breach ever loaded into Have I Been Pwned (HIBP).