The database that he calls "Collection #1" includes email addresses and passwords totalling 2,692,818,238 rows. Yes, you got that one right, more than two and a half billion details. When all the duplicates removed, it still leaves more than one billion login details (email address and password combination) to the database. And there are more than 700 million unique email addresses there, so some email addresses were breached in more than one data leak, with different password.
Mr. Hunt, who works as a regional director for Microsoft got the data from popular anonymous file sharing service MEGA and its origins, according to him, point to a popular hacker forum where the set of files is distributed openly among the hackers. Dataset in question is 87 gigabytes in size and has more than 12'000 files in it. He details the project in his own blog.
To help to indetify whether youre account has been breached, he has put together a website for anyone to test it:
Have I been Pwned?
Entering your email address there wont gather any data, but will simply tell you whether your account is one of those that have been including with this massive data collection - or not.
If your email address shows that you are in the list, it is highly recommended to change your passwords immediately across all business critical services. We recommend using password manager, something like LastPass, and to let it randomize you a different password for each service.
Written by: Petteri Pyyny @ 17 Jan 2019 4:16