I recently received an email about a supposed hacking incident that involves millions of accounts and passwords to which the IT department warned me to check all my accounts to see if I have been pwned. This so-called megabreach, according to some research done by KrebsOnSecurity, is not necessarily the largest neither is it the latest.
The dump, labeled “Collection #1” and approximately 87GB in size, was first detailed earlier today by Troy Hunt, who operates the HaveIBeenPwned breach notification service. Hunt said the data cache was likely “made up of many different individual data breaches from literally thousands of different sources.”
KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security, a company that specializes in trawling underground spaces for intelligence about malicious actors and their stolen data dumps. Holden said the data appears to have first been posted to underground forums in October 2018, and that it is just a subset of a much larger tranche of passwords being peddled by a shadowy seller online.
If you haven't yet checked whether your accounts have potentially been hacked, then you may go to the site HaveIBeenPwned and take steps to secure them.
(Image credit: KrebsOnSecurity)