17 Jan 2019

#MegaBreachAlert: Over 2 billion emails, passwords found on 'hacking' forum

Over 2 billion emails, passwords found online

In a shocking development, Troy Hunt from 'Have I Been Pwned' has found more than two billion emails and passwords online.

The raw dataset, containing both encrypted and unencrypted information, appears to have been collated from thousands of different breaches and sources.

It was discovered on cloud service MEGA and is said to be the largest ever chunk of leaked data to go public.

Here's more.

Data volume

Insanely massive trove of data on hacking forum

Last week, Hunt's contacts directed him to an insanely massive trove of data containing 2.7 billion rows of emails and passwords, including over a billion unique combinations.

The data, packed in a folder called Collection #1, was on MEGA and continued to exist on a 'popular' hacking forum.

The 87GB folder had over 12,000 email-password files in different sub-folders, such as 'EU combos' and 'Shopping combos'.

Even after stripping out unusable bits, data volume stayed high

Even after Hunt's cleaning, the number of unique emails and unhashed, plain-text passwords in Collection #1 remained high. To put this into perspective, Hunt removed unusable bits, hashed passwords, and duplicates and still found nearly 773 million unique email addresses and over 21 million unique passwords.


But how did this information get leaked?

As Hunt emphasized in the post detailing this discovery, it is difficult to say for sure where all this information came from.

The post on the hacking forum referenced "a collection of 2,000+ dehashed databases and Combos stored by topic," he said, suggesting that the information appears to have been collated from several different leaked databases for use by hackers.

Here's what Hunt said on the leak

"It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers," Hunt told WIRED. "There's no obvious patterns, just maximum exposure."

Attack risk

Can hackers use this information?

The humongous trove of emails and passwords posted publicly can be used by hackers to conduct so-called 'credential stuffing' attacks.

As part of these attacks, they could try leaked email and password combinations against different sites or applications to gain access, Wired reported.

The biggest risk from such an attack would be to those who use the same email-password combination across various sites.


How to know if you are affected?

Well, the scale of this breach is alarming and it is important to check if your information has been compromised in the incident.

The process is very simple as you just have to visit Hunt's Have I Been Pwned website (https://haveibeenpwned.com) and enter your email.

You can even enter your password on the site to see if it has been compromised or not.

Most asked questions

How can I get breach notifications?

Asked on 17-01-2019 by Divya Gavde

Answered by NewsBytes

You can get breach notifications by signing up for notification alerts on the Have I Been Pwned website.

Does this breach affect Indian users?

Asked on 17-01-2019 by Reyansh Jindal

Answered by NewsBytes

The data dumps are totally random and could be affecting many users in India too. Mine was affected.

How to secure emails?

Asked on 17-01-2019 by Amit Jindal

Answered by NewsBytes

For security, keep different email-password combinations for different websites and keep changing them from time to time.

Were these passwords encrypted?

Asked on 17-01-2019 by Rajesh Chopra

Answered by NewsBytes

Some were encrypted, but millions were unhashed plain-text passwords too.
