Security lock

Latest Data Breach Exposes 2.7B Email and Password Combinations

Another Year, Another Breach — and this one is major…

It’s January 18, 2019 — not even a full month into a new year, and a major data breach has been reported, exposing a total of 2.7 billion different email and password combinations.  The data set breached, deemed “Collection #1”, includes over 772 million email addresses, and 21 million passwords.  This alone makes it the largest public data breach, to date.

Of the data that was breached, 140 million email addresses and 10 million passwords are new to the dark web.  To find out if your data was breached, you may go to Have I Been Pwned, and enter your email address.  If the email address has been breached, it will tell you when, and how.

Then, to make matters even worse — the passwords are exposed in basic text.  Meaning, absolutely no decryption is needed to identify what the passwords are.

And the final cherry on top?  This is allegedly only the first of six data sets the seller has available.  Assuming the other five sets are of comparable size, the public will have a major problem on their hands.

Now for the good news, which isn’t exactly “good”, but could be considered a silver lining.  This data set is approximately 2-3 years old, therefore, some of the data may not be entirely relevant.

Moving forward, users should check their email addresses at Have I Been Pwned to confirm their security.  If breached, be sure to change the password immediately to something that meets the following requirements: 8+ characters, upper case and lower case letter, symbol, and number.  Users should also never use the same login credentials for multiple accounts.

6,588 total views, 1 views today

(Visited 1 times, 1 visits today)

12 thoughts on “Latest Data Breach Exposes 2.7B Email and Password Combinations

  1. It’s hard not to use same credential – at least log-in ID when so many web sites are forcing use of e-mail as a log-in ID.

    • Absolutely — what I have found useful is creating an extra email address, where nothing of importance goes to. I use this for the websites that want an email address to log in, but aren’t something that I want to disclose my primary account information to.

  2. Why is any site on the net, going to do something for you for nothing? That is why there are so many security problems. So many internet users are so gullible.

    Whatever happened to the saying: “There is no such thing as a free lunch”?

    Grrrooowwwwllll….Marum.(Die schachpielen Katze)

  3. Who is to say that the web site named in the article is really legit??? Maybe they are just harvesting your e-mail address when you type it in. I say Don’t bother; the hackers are probably just waiting and grinning from ear to ear for everybody to go to this web site and type in their address!!!

  4. No matter how many times users are advised to change their passwords, there will always be a stubbornly high number of online users who will refuse to change to multiple passwords for the simple reason that they cannot remember them all. And NOBODY is going to remember a password that is unintelligible gobbledygook.

    The solution is a password manager, such a Dashlane, Bitwarden or LastPass. I use Bitwarden myself, on both my laptop and smartphone.

    • @Scott: River city media is a spamming outfit. they are the ones who would send and post spam, either via inbox or website. they make it look legitimate. I do recognize the name but cannot put an exact point of sale to it. so the thing is it may not have even been anything you used. they got it from any number of other spider webs.

  5. Also ,2 years ago ,when I received one of these warnings ,I had 4 at that time ,in which I could click on from which web sites &/or web mails that got tabbed. Same # on this site ,except they want MONEY to tell me &/or stay quite about who tapped into ME.

  6. You do not say whom the breached data came from so this cannot be considered real news or is it fake news just wanting to grow unnecessarily fear

  7. I am glad you posted this but you left out the most important detail in the story…
    What is the name of the “cloud company” that has been breached?
    Without that it really is just here say…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.