Over 87GB of email addresses and passwords exposed in Collection 1 dump

An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.

Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA.

In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data.

The data, dubbed Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows that has allegedly come from many different sources.

"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see."

Some passwords, including his own, have been "dehashed", that is converted back to plain text.

Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. 

"The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote. 

The collection has since been removed.

You can use Hunt's Have I Been Pwned service to see if your information has been exposed.

https://www.zdnet.com/article/over-87gb-of-email-address-and-passwords-exposed-in-collection-1-dump/ 

https://community.norton.com/en/comment/8080751#comment-8080751

773M Password ‘Megabreach’ is Years Old

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

Corporate IT security practices are a joke in today's world of incompetent IT folks. Money and profits tower over securing data.