A gigantic 87 gigabyte archive of 773 million unique email addresses and their associated cracked or dehashed passwords has been discovered to be promoted at an online hacking forum. This file is called "Collection # 1" and was designed to be easily used in credentials.
Credentials are when attackers take e-mail address lists and their associated cracked / dehashed passwords and use them to try logging in to different locations. If there is a matching account that uses the same credentials, the attackers will access your data and potentially financial assets.
This collection was discovered by security researcher and has been pwned by the creator Troy Hunt and consists of 2,800 different files containing the leaked account information from many data breaches. While the original data from these data breaks must have had encrypted passwords, the one composing this collection converted them into dehashed passwords to make them easier to use in attacks.
This collection is called "Colection # 1
On a blog entry, Hunt states that this collection contains 1,160,253,228 unique combinations of email addresses and passwords, 772,904,991 unique email addresses. addresses and 21,222,975 unique passwords. The researcher further emphasizes that the oldest data appears to be from a break in 2008.
After receiving the archive, Hunt has loaded what I have been pwned so that subscribers would be notified of the latest break and for new users to check if their accounts have been postponed.
For those who aren't familiar with, I've been pwned, it's a site where you can submit your email address and see the data violations your account was exposed to. Below you can see a small piece of the violations that the email address email@example.com was exposed to.
As always, it is important to create a unique password on each site where you create an account. Since it is difficult to remember that unique passwords on each site may be difficult, it is also suggested to use a password manager to help organize your passwords.
Using unique passwords causes data breaches to only affect the specific credentials of this site over many websites it would have been affected if you used the same password everywhere.