Data Breach: Besides FB, 773 million unique email IDs leaked

San Francisco: In what could be the biggest data breach in recent years, a whopping 773 million unique email IDs and 21 million unique passwords have been leaked, a researcher said on Thursday.

The leaked files, however, do not include information such as credit card details.

According to web security researcher Troy Hunt, this data leak is part of the “Collection #1” which is a set of email addresses and passwords totalling 2,692,818,238 rows.

“It’s made up of many different individual data breaches from literally thousands of different sources,” Hunt posted on on the day.

“In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive.

According to Krebs on Security, the data dump containing 773 million email addresses and 21 million unique passwords is just a subset of a much larger tranche of passwords made available on the dark web by a shadowy seller who goes by the name Sanixer on Telegram.

The current offerings of the seller is almost 1 Terabyte of stolen and hacked passwords and Collection #1 is a part of his dataset, available at a mere USD 45. The seller said that Collection #1 data is about 2-3 years old. But another dataset that he offers is less than a year old.

“This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion.

“The unique email addresses totalled 772,904,991. This is the headline you’re seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP),” Hunt added.

Several people reached out to the web security expert last week and pointed to a collection of 12,000 files with a total size of 87GB, and nearly 2.7 billion records, hosted on MEGA.

Mega or MEGA is a Cloud storage and file hosting service offered by Mega Limited, an Auckland-based company which offers services primarily through web-based applications.

Those interested in knowing whether they were affected could head to Hunt’s website called “Have I been Pwned”, enter their email ID in the dialogue box and find out if they were affected.

With Agency Inputs