Collection #1: The ‘largest’ data breach ever discovered
Over the years, many sizeable well-known household name companies have fallen victim to cyber attackers, including many large players that you may not have heard of. Here we look into what we believe to be the most significant data breach the world has experienced.
So you may be wondering just who has fallen victim to such a vicious cyber-attack? The answer, however, isn’t as simple as you might think.
What is Collection #1
In January 2019, many people worldwide woke to find emails about their personal information being exposed in a data breach called collection #1. Cybersecurity researcher Troy Hunt (who owns and runs haveibeenpwned.com) first reported this collection, containing 772,904,991 unique email addresses and 21,222,975 unique passwords, after it was posted to a hacking forum.
How did this happen & where did the data come from?
The data, now removed, was found on cloud service MEGA, a popular hacking forum. This collection was compiled from many individual data breaches from nearly 3 thousand different sources. Cyber attackers likely acquired these details via vulnerabilities in smaller sites that do not prioritise security.
‘My own personal data is in there, and it’s accurate; right email address and a password I used many years ago.’ – Troy Hunter
How can this information be used?
The information can be used in several ways:
- Credential stuffing – a cyber attack that automatically tests email & password combinations to hijack accounts held elsewhere, with inadequate security.
- Id theft – the more data cybercriminals have, the more likely they are to gain access to another account. They build up a profile by using different data from different lists.
How serious is this?
Please note that while this was the single biggest collection, there have been others that, when combined, shadow collection #1. However, there is no need to panic; although 18% of the information contained was unique, 61% of these were already known to have been compromised.
Most of the exposed data originated from eastern European countries, such as Russia, Ukraine, and middle eastern countries, such as Uzbekistan and Kazakhstan. Furthermore, there is no way of knowing whether these were genuine.
“Somehow, the Collection #1 incident turned into a feeding frenzy of media, breach traders, security firms, and industry voices alike, all vying for a piece of the attention. While there was undoubtedly value in the awareness it created, an increasing infatuation on which list is the largest or who’s sitting on the largest stash of data is just downright counterproductive. It becomes a sideshow of superlative news headlines as the discussion turns to ‘who’s is biggest’ rather than what should we actually be doing about this.” – Troy Hunter
How to assess your own exposure
“Everyone needs to make the assumption that an email address or password is in a list that attackers have access too.” – Dan pitman
You can use https://haveibeenpwned.com/ to see if your email address has been compromised and https://haveibeenpwned.com/Passwords to check your passwords. HIBP does not store passwords and email addresses together, removing any connection between the two to prevent misuse.
If your details have been compromised you should:
- Start a new email address
- Download a password manager
- Change passwords on all compromised accounts and any other accounts using similar/identical passwords
How to keep your email address and passwords secure
There are many ways you can take control of your security online by learning more about creating secure passwords and using password managers. Read these articles to learn more about the most common errors people make when creating passwords and discover tips on how to make secure and memorable passwords:
How websites can better protect their data
Omnicyber Security offers pen testing services for organisations of all sizes. We are a Darktrace partner, bringing world-leading cyber AI defensive technologies to our client’s digital environments.
You can visit https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ to learn more about:
- Verifying data breaches
- Cleansing of this data
- How HIBP protects compromised emails & passwords
- Anonymity models
- FAQS from Tony & other commenters