Staggering 2.2 Billion Unique Records Compiled in The Largest Data Leak Ever
If you live in a developed country, or even in a developing country, your details are most likely included in this monster compilation of stolen data shared around by thousands of strangers.
A couple of weeks ago we reported that the details of at least 773 million people have surfaced on a free cloud storage service accessible by virtually everyone. With the staggering amount of data records, the data dump of stolen data named ‘Collection #1’ was quickly branded as the most extensive data leak in history by many.
Hours after cybersecurity researcher Troy Hunt announced the news about ‘Collection #1’, he said that he is in possession of four more collections named ‘collections #2-5’, and he was reviewing them. He said that he will be going through all the records and will be making a call on what to do with them soon. It turned out that he was not the only one in possession of the compilations of the stolen data information. Over the last couple weeks, the ‘collections #2-5’ has been shared between thousands of people as a part of a colossal 845GB torrent. The torrent has been downloaded thousands of times and currently has hundreds of seeders sharing the information with literally anyone in the world.
The ‘Collection #1’ data breach was taken off from the free cloud storage server as soon as the news about the leak become viral, but ‘collections #2-5’ which is virtually the biggest collection of stolen data information ever created, cannot really be taken down from torrent websites and will likely continue to be available for download for a very long time.
In the past, stolen data lists were offered on the Dark Web by cybercriminals for thousands of dollars. Currently, the biggest ever data leak with approximately 25 billion unique records and roughly 2.2 billion unique usernames and passwords, is freely available for download as a torrent.
Currently approximately 4 billion people in the world have access to the internet. With the latest data leak containing more than 2 billion unique emails and passwords, we can easily say that the personal information of half of the people who use the internet has been stolen by hackers and compiled into this mega-leak and is up for grabs for everyone interested. To put this into perspective, the records of almost every person living in the developed, and developing countries, are likely included in this large-sized torrent shared around by thousands of random strangers.
It is currently unknown if the ‘collections #2-5’ torrent contains just emails and passwords, or it includes sensitive information stolen from companies such as Equifax, which may include the social security numbers of almost every US citizen and permanent resident in the US. According to analysts from the Hasso Plattner Institute, a university located in eastern Germany, the megaleak is approximately three times bigger than the initial ‘largest data leak in the world’ announced couple weeks ago, and contains unprecedented amount of previously unseen stolen passwords.
As of right now, Troy Hunt, the researcher who brought the attention to ‘Collection #1’, has not yet uploaded the records from ‘collections #2-5’ to the ‘Have I Been Pwned’ website.
The records do not come from a single breach but are a compilation of tens and possibly hundreds data leaks that have happened over the years.
Why is this dangerous if the data is considered old?
What makes this leak particularly dangerous is the fact that the details of one-quarter of the population of planet Earth and more than half of all the people who have access to the internet are a click away from virtually anyone wanting to get a hold of it. If your email or personal information have been somehow stolen from any of the previously hacked technology conglomerates such as Dropbox, Yahoo, and LinkedIn, you most likely have already been notified and even forced to change your password.
However, according to cyber researchers, the records included in the new the latest data leak include many previously unseen passwords and usernames. And the torrent cannot be taken down which would allow less experienced hackers to start taking advantage of the information in those lists.
Everyone, from your work colleagues and neighbors to your friends and family, is now able to download the data and search through it. Literally, anyone can find any of your old passwords, investigate them and look for a pattern that might help them guess your current password. While passwords change, users generally do not change their email addresses often – spammers will be using the information to send unsolicited emails to billions of people for the years to come.
With a leak this big, the question is not if your details have been stolen in the past, but how many times have they been taken.
What actions should you take?
Unfortunately, this is just the beginning; the stolen data will now be accessed by thousands of people who will try to take advantage of it one way or another. If you haven’t changed your passwords over the last three months, we strongly encourage you to change them immediately. Don’t be tempted to use the same password over and over again, instead use a password manager that can save all passwords you have – most quality anti-virus software products come with integrated password management features.
Turn on the two-factor authentication wherever possible, and if you are a residing in the US, consider freezing your credit reports with all major credit bureaus – Equifax, TransUnion, and Experian.