Troy Hunt, the site admin of Have I Been Pwned, just released some disconcerting news. A new data breach of humongous proportions has just been made public; we are talking astronomical numbers. He has called this data set "Collection #1", and it is by far the largest he has ever found. This thing is kind of a "breach of breaches" and contains about 2,000 leaked databases. This monster consists of:
He said: "There’s no obvious patterns, just maximum exposure. That's the numbers, let's move onto where the data has actually come from. Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totalled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialised, complete with the following image":
Troy has loaded all this information into Have I Been Pwned, and there is lots more detail about this new breach over at Troy's blog. The database seems to have been put together for credential-stuffing attacks, in which hackers rapidly test email and password combinations at a given site or service. This is typically a fully automated process that preys especially on people who reuse passwords across multiple sites on the internet.
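Seen from the defending site's login logs, that automated pattern looks like one source trying many different accounts in a short time, with nearly every attempt failing. The detector below is an added example, not code from Troy Hunt's post or from any KnowBe4 tool; the log format, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_ACCOUNTS = 10              # assumed: distinct accounts tried by one source
MIN_FAIL_RATIO = 0.8           # assumed: share of attempts that fail

# Constructed sample log: "ISO-timestamp source-ip account OK|FAIL"
SAMPLE = [
    f"2019-01-17T10:00:{i:02d} 203.0.113.7 user{i}@example.com "
    f"{'OK' if i == 5 else 'FAIL'}"
    for i in range(12)
] + [
    # One person mistyping their own password: same account, not stuffing.
    "2019-01-17T10:01:00 198.51.100.20 alice@example.com FAIL",
    "2019-01-17T10:01:20 198.51.100.20 alice@example.com FAIL",
    "2019-01-17T10:01:45 198.51.100.20 alice@example.com OK",
    "2019-01-17T10:02:00 192.0.2.5 bob@example.com OK",
]

def parse(line):
    ts, ip, account, outcome = line.split()
    return datetime.fromisoformat(ts), ip, account.lower(), outcome == "OK"

def detect_stuffing(lines):
    """Return {ip: details} for sources that try many distinct accounts,
    mostly failing, inside one sliding time window."""
    by_ip = defaultdict(list)
    for event in sorted(map(parse, lines)):
        by_ip[event[1]].append(event)
    alerts = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            accounts = {e[2] for e in window}
            fails = sum(not e[3] for e in window)
            if (len(accounts) >= MIN_ACCOUNTS
                    and fails / len(window) >= MIN_FAIL_RATIO):
                alerts[ip] = {
                    "accounts_tried": len(accounts),
                    "failed": fails,
                    # A success here means a reused password worked:
                    # these accounts need a forced reset first.
                    "compromised": sorted({e[2] for e in window if e[3]}),
                }
    return alerts

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE))
```

Keying on distinct accounts per source, rather than failures per account, is what separates this from a forgotten-password retry or a single-account brute force.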
How Serious Is This?
WIRED called it: "Pretty darn serious! While it doesn't appear to include more sensitive information, like credit card or Social Security numbers, Collection #1 is historic for scale alone. A few elements also make it especially unnerving:"
KnowBe4’s Password Exposure Test (PET) is a brand-new and complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users. PET is integrated with the HIBP site and will check for all the compromised data above.
PET makes it easy for you to identify users with exposed emails publicly available on the web, and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!
With Password Exposure Test you can:
Password Exposure Test can help you identify which users may be putting your organization at risk before the bad guys do. Get your results in a few minutes! You are probably not going to like what you see.
Don't like to click on redirected buttons? Copy & paste this link into your browser:
https://www.knowbe4.com/password-exposure-test