It’s time to change your passwords – all of them. A newly revealed collection of email addresses, accounts, and passwords now constitutes the largest set ever exposed. And it appeared just this week. The sheer size of this breach of information eclipses that of any other single incident – and the chances that your email isn’t amongst those leaked are small.
The set of emails and passwords was called “Collection #1” by security researcher and first non-malicious entity to reveal the set, Troy Hunt. Troy Hunt is also a Microsoft Regional Director and the creator of the single most massive is-my-email-compromised checker in the world, “Have I Been Pwned?” OF NOTE: That site is supported by the folks at 1Password, so Hunt could, potentially, be profiting from it – but the services it offers are truly legit, and free to the end user.
The situation today is also quite legit in its complexity, scale, and importance. This leak is the biggest leak in recent history by a long shot – and the largest breach of accounts, ever, by around 61-million. The size of this breach is difficult to imagine.
Collection #1 Data Breach Statistics:
• Rows: 2,692,818,238
• Individual Data Breaches Included: Thousands
• Unique Email/Password Combos: 1,160,253,228
• Unique Email Addresses: 772,904,991
• Unique Passwords: 21,222,975
That last number should give you pause. Though there were approximately 773-MILLION emails in the breach, there were only 21-million passwords. That means there were repeats in excess. Massive numbers of passwords were in the mix that were identical to one another.
At this point I’d link you to HaveIBeenPwned again, to the Passwords section – but you can get to it through the link above if you need. What you really SHOULD be considering doing before that is changing your password. Change your password right now, after you’ve checked the Pwned Passwords collection over here and found your new password to NOT be amongst those of that collection.
It does not matter if your password is one word with no numbers, or if there are capital letters, or whatever. Just so long as the password is not in that database, you’ll be 100% more secure than you’d have been having not changed your password in the first place. Stick around as we continue to investigate this massive breach.