Geraldine Strawbridge

Geraldine Strawbridge is a graduate of the University of Glasgow. As the Editor of Cyber Radio, Geraldine is focused on delivering the latest cyber security news whilst making cyber security more relatable to people in their everyday lives.

The mother of all data breaches has been discovered and it exposes more than 770 million unique email addresses and 21 million passwords.

The breach was uncovered by Security Researcher Troy Hunt, who runs the website Have I Been Pwned. The website enables people to check if their email address or password has been compromised in any previous data breaches, and details the sites from which the data was leaked.

Hunt has dubbed the leaked data ‘Collection #1’, and it’s the single biggest breach ever to be loaded onto the Have I Been Pwned database.

The data was found on a popular hacking forum, and in its entirety, it contains more than 2.6 billion records. This breaks down into more than 1.1 billion unique email address and password combinations, but once Hunt cleansed the data, he was able to get this down to 772,904,991.

It appears the records are made up of many different data breaches from thousands of sources, rather than representing one single breach.

It’s believed the compromised data will be used by hackers to carry out ‘Credential Stuffing’ attacks. This is where hackers take stolen information from one site and use it in a brute force hacking attempt to try to get into various other systems.

According to Hunt: “The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you’ve long since forgotten about, but because it’s subsequently been breached and you’ve been using that same password all over the place, you’ve got a serious problem.”

The breach could potentially affect anyone who has used the same password and username combination across multiple sites.

To check if your data is included in the leak, you can visit HaveIBeenPwned.com and enter your email address. As soon as you hit enter, you will be able to see if your data was included in the “Collection #1” leak or any other previous data breaches.

If your details appear on the site, you should change your passwords immediately. The breach highlights the importance of password safety and the use of unique passwords for different sites and accounts.

For increased password protection:

  • Create unique passwords: The secret to creating a unique password is to make it memorable but difficult to crack. Passphrases offer more protection than a traditional password. They are typically longer, more complex and easier to remember. A passphrase is a combination of words, letters, numbers, spaces and punctuation marks. The first letter of each word will form the basis of your password, and letters can be substituted with symbols and numbers to make it more difficult to decipher.
  • Use Different Passwords for Different Accounts: Using the same password for multiple accounts can put us at great risk of being hacked. If attackers can work out just one of our passwords, they can potentially access every single account we have. It’s always best to use different passwords for separate accounts to ensure our accounts remain safe and secure.
  • Consider the use of a Password Manager: A password manager will provide a centralised and encrypted location that will keep a record of all your passwords safe. Password managers store login details for all the websites that you use and log you in automatically each time you return to a site.
  • Multi-Factor Authentication: Multi-factor authentication offers an extra layer of defence in protecting the security of your accounts. In addition to a password, multi-factor authentication requires a second or third piece of information to confirm the user’s identity. This makes it much harder for a hacker to compromise an account and gain access to sensitive information.