Skip to main content

Huge cache of email addresses and user data leaked online

(Image credit: Image source: Shutterstock/kpatyhka)

Some 773 million unique addresses have been uncovered as a part of one of the largest data breaches every recorded.

According to security researcher Troy Hunt (opens in new tab) , the emails, residing on the MEGA cloud service, are part of a data breach he calls Collection #1. The database weighs more than 87GB. Besides emails, the database also holds 22 million unique passwords.

Some of them were “dehashed”, or converted back into plain text, from a bunch of scrambled characters.

"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see."

He has also said that there are more than a million of unique email address / password combinations. Apparently, his attention was drawn to the MEGA database by ‘multiple people’ that reached out to him.

"The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote.

The collection has since been removed.

Hunt also advises everyone to grab a password manager. “If you're in this breach and not already using a dedicated password manager, the best thing you can do right now is go out and get one,” he says.

Commenting on the breach, Jake Moore, cyber security expert at ESET UK also says a password manager is necessary.

“There has never been a better time to change your password. It is quite a feat not to have had an email address, or other personal information breached over the last decade. If you’re one of those people who think it won’t happen to you, and then it probably already has. Password managing applications are now widely accepted, and they are much easier to integrate into other platforms than before. Plus, they help you generate a completely random password for all of your different sites and apps. And if you’re questioning the security of a password manager, well they are incredibly safer to use than reusing the same three passwords for all your sites.”

Image source: Shutterstock/kpatyhka

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.