A breach detection service, HaveIBeenPwned.com, has uncovered the largest ever known breach that includes 773 million unique email addresses and 2.7 billion records.
The list, which can be searched to find if your email appears in it on HaveIBeenPwned.com, also contains 21 million passwords.
Troy Hunt, founder of the website, has named the list “Collection #1” due to the fact that the hacking forum hosting it had the name (image below).
The enormity of the breach is staggering
To put things in context, the total records in Collection #1 amounts to 2,692,818,238 rows and will require almost 500GB of HDD space to store. That is 100 HD movies and over a 100 Blu-Ray movies.
In fact, the database is so big that most computers that run on 32-bit architecture cannot process it. In fact, it took Troy Hunt (Follow him on twitter) 3 days to process all of this on the cloud at cost of over $20,000.
Collection #1 is a not a single breach but a collection or several previous hacks
Collection #1 includes over 12,000 files and is almost 87GB stored in text format. It includes credentials from several past hacks totalling to hundreds.
Essentially, someone has gathered the credential from previous hacks, in some cases decrypted the passwords and then pasted in online hacking forums to share.
What can you do?
Immediately to to the IHaveBeenPwned website, and check if you emails appear in any of the list of emails that have been leaked.
Then go to the password section of IHaveBeenPwned and type in any of your passwords to see if they have appeared anywhere.
While you can’t check if you email and password both have been leaked together, if you find you password on the you should change it immediately