David Baxter PhD
Late Founder
2.2 billion email addresses and passwords leaked - are you affected?
Ashampoo Blog
Feb 5, 2019
Usually, large (and illegal) email and password collections are an expensive commodity. Hackers, intelligence agencies and spammers tend to pay good money for extensive and detailed data sets on the dark web to support their activities. Recently, "Collection #1" was circulated and caught the eye of IT security expert Troy Hunt. It contained 773 million email addresses and 21 million passwords in clear text, much to the alarm of many users. One week later, it became apparent the data set was only the tip of the ice berg.
While originally assumed to be a rare find, "Collection #1" with its 87 GB and 12,000 individual files, was quickly overshadowed by "Collection #2" and "Collection #5", totaling 600 GB. The sets are still being analyzed but, so far, 2.2 billion email addresses and passwords have been identified, not all of them in readable clear text, though. It's likely the data was stolen from various companies and other facilities over an extended period of time. And since the lists are now easily accessible by anyone through common search engines, it's high time you changed your passwords.
The problem for many is they use the same combination of email address and password for multiple portals and services. Once hackers get hold of a collection, they tend to employ a strategy called "credential stuffing" that involves automated login requests directed against web applications. The more accounts are linked to a single email password pair, the higher the success rate (Amazon and eBay are common first strike targets). Social networks are also frequently targeted, so be wary should you suddenly spot ads on one of your friends' profiles - they might be affected.
Check out the dedicated website of Hasso-Plattner-Institut Identity Leak Checker to find out whether your email address is affected.
Read more...
Ashampoo Blog
Feb 5, 2019
Usually, large (and illegal) email and password collections are an expensive commodity. Hackers, intelligence agencies and spammers tend to pay good money for extensive and detailed data sets on the dark web to support their activities. Recently, "Collection #1" was circulated and caught the eye of IT security expert Troy Hunt. It contained 773 million email addresses and 21 million passwords in clear text, much to the alarm of many users. One week later, it became apparent the data set was only the tip of the ice berg.
While originally assumed to be a rare find, "Collection #1" with its 87 GB and 12,000 individual files, was quickly overshadowed by "Collection #2" and "Collection #5", totaling 600 GB. The sets are still being analyzed but, so far, 2.2 billion email addresses and passwords have been identified, not all of them in readable clear text, though. It's likely the data was stolen from various companies and other facilities over an extended period of time. And since the lists are now easily accessible by anyone through common search engines, it's high time you changed your passwords.
The problem for many is they use the same combination of email address and password for multiple portals and services. Once hackers get hold of a collection, they tend to employ a strategy called "credential stuffing" that involves automated login requests directed against web applications. The more accounts are linked to a single email password pair, the higher the success rate (Amazon and eBay are common first strike targets). Social networks are also frequently targeted, so be wary should you suddenly spot ads on one of your friends' profiles - they might be affected.
Check out the dedicated website of Hasso-Plattner-Institut Identity Leak Checker to find out whether your email address is affected.
Read more...