Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach

Now is a good time to get a password manager app

Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number of plain text passwords.

The data dump, which Hunt has uploaded to his Have I Been Pwned site for people to check if they’re included, comprises “1,160,253,228 unique combinations of email addresses and passwords”, in Hunt’s words.

“I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives,” he added in his blog post announcing his find.

After cleaning up the data, Hunt boiled it down to 772.9 million unique email addresses, along with 22.2 million unique passwords. He estimated the hacked credentials were from the years 2008-2015.

The addresses and passwords were found lurking on Mega, the latest incarnation of rotund rascal Kim Dotcom’s file sharing website. It comprised “more than 87GB of data”.

While Hunt emphasised that he hasn’t exhaustively verified whether this is all new data or if it’s (even in part) a compendium of old creds floating around hacker forums, he did say: “My own personal data is in there and it's accurate; right email address and a password I used many years ago.”

Security firm ESET’s Jake Moore opined: “There has never been a better time to change your password… If you’re one of those people who think it won’t happen to you, then it probably already has. Password managing applications are now widely accepted, and they are much easier to integrate into other platforms than before.” ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like