Following the leak of Collection #1, a data dump containing 700 million unique passwords, a second, much larger batch of data is also set to be revealed.
Collection #2-5 contains 2.2 billion unique usernames and passwords and has apparently been leaked, as previously announced. That's roughly 850GB of data and more than 25 billion records.
According to security researchers speaking to Wired, more than 130 people are making the database public, and so far more than 1,000 people have downloaded this 'goldmine for hackers'.
“2.2 billion unique records is a staggering number. We are becoming accustomed to breach notification news, but sad to say, the use of multi-factor authentication is still not utilised whenever and wherever possible,” commented Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence Centre, OneSpan.
“Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance. Technology is evolving, and next-generation authentication, intelligent adaptive authentication, is gaining momentum. This technology utilises AI and machine learning to score vast amounts of data, and based on patterns, analyses the risk of a situation and adapts the security and required authentication accordingly.”
The database contains unique email addresses and accompanying passwords, some of which were dehashed and converted back into plain text.
Some passwords are years old, but some may very well still be in use. Experts are warning that people sometimes recycle old passwords, or use the same password across different services, which is a huge security risk.
Consumers are advised to use a password manager, choose a different password for each service and never reuse one, and turn on two-factor authentication where possible.