Thursday, December 19, 2024
HomeComputer Security773 Million Credentials of Email & Password leaked in Massive Data Breach...

773 Million Credentials of Email & Password leaked in Massive Data Breach – Biggest Data Dump Ever Found on a Decade

Published on

SIEM as a Service

Welcome to the Massive Data breach of 2019, around 773 million datas contains email addresses and passwords were breached and circulated in hacker forums. This data breach seems to be bigger and critical than earlier breaches like “Equifax” and “Marriott International“.

Let’s have a look into This Massive Data Breach

The data set was first reported by security researcher Troy Hunt, who maintains Have I Been Pwned, a way to search whether your own email address or password has been compromised by a breach at any point. Many of us know about the famous “HIBP” site, where users can check whether their email address or the unique password is “pwned” somewhere.

Let’s assume, that I’m using “Test@gmail.com” and a “Password12$”. Since we are accessing various sites using this same email address and same password for it for better convenicence.

- Advertisement - SIEM as a Service

To measure the criticality of this, Years ago Troy the security practitioner created a site “haveibeenpwned” to validate whether the email address has been used somewhere else or by someone else and also recently he has created a feature to also check uniqueness for validating the passwords. Over the years, many user/organizations/institutions were using this site and checking the credentials uniqueness.

Exactly what was happens?

MEGA cloud storage service, recently seen some folder named as “Collection#1“, this folder have some 12K files and merely 87GB of data. Some of the links directly pointing out to popular hacker forums mid-December.

This Massive Data Breach contained a data, dubbed names as Collection #1“, is a set of email addresses and passwords totaling 2,692,818,238 rows that have allegedly come from many different sources.

This Massive Data Breach leads to the expose of email addresses and passwords which has been harvested from various other sources of different breaches of different timeframes were kept in a folder.

So Totally 772,904,991 The unique email addresses and 21,222,975 unique passwords exposed which is now loaded into Have I Been Pwned (HIBP)

Risk Factor

The unique email addresses and the passwords, can be used by the hackers for the credential stuffing.

“Credential Stuffing – It is the automated process of breached username/passwords pair in trying combo to gain unauthorized access of user accounts through large-scale automated login requests.”

There are possibilities, of hackers can leverage the help of using various software to invoke the credential stuffing. Also, there are some possibilities where they can sell the data’s in DarkNet to the highest bidder, who can use it for APT attacks. “Attribution of this breach still unknown“.

Current Solutions

1.) Never reuse the same password for all the apps/sites.
2.) Increase the strength of the password by adding more mixe characters.
3.) Get a password manager.
4.) Enable 2-Factor-Authentication on social media platforms

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Latest articles

New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing...

INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting”

INTERPOL has called for the term "romance baiting" to replace "pig butchering," a phrase...

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...

Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks

 A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing...

INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting”

INTERPOL has called for the term "romance baiting" to replace "pig butchering," a phrase...

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...