Tag: email addresses

By Jack More for Mashable 

They wouldn’t have numbered it if it was the only one.

On 16 January, security research Troy Hunt uploaded a massive cache of leaked e-mails and passwords to his invaluable website have i been pwned.

The 87GB dataset, dubbed “Collection #1,” was admittedly years old, and had been passed around by hackers for some time now. Still, the sheer scale of it — containing over 772-million email addresses — turned heads. Hold onto your digital butts, because as Krebs on Security reports, you ain’t seen nothing yet.

According to Krebs, the Collection #1 data breach is, unsurprisingly, part of a much larger collection of stolen online credentials being sold online. And, taken as a whole, it dwarfs Collection #1’s size.

Just how big are we talking? According to the hacker allegedly selling access to the data who communicated with Krebs over Telegram, the entire data set of email addresses and passwords comes close to 1TB. Brian Krebs, the infosec journalist behind Krebs on Security, tweeted a screenshot purportedly depicting a page listing the data for sale.

In addition to the 87GB Collection #1, there’s a 526GB Collection #2, a 37GB Collection #3, a 178GB Collection #4, a 42GB Collection #5, and two other folders totaling an additional 126GB worth of credentials.

The seller told Krebs that, in total, they had close to 4TB of so-called password packages. Yeah, that’s a lot. According to the image above, the “Price for access lifetime” is only a cool $45 (R630).

So your email, along with one or more passwords to various throwaway online accounts you’ve used and discarded over the years, is likely being traded on the dark web. What does this mean for you?

Well, if you’re smart about your online security, probably not too much immediately. Assuming you use unique passwords for each account online — and you definitely should — any of your passwords contained in the dataset would only gain a hacker access to one specific online service. Like, say, your old Tumblr account. And, if you use two-factor authentication, you’re likely in the clear.

However, all this goes out the window if a hacker gets access to your main email account and can initiate password resets. And if the email account in question just so happens to share a password with your now-defunct Neopets account or whatever? You might legit be in trouble. Consider getting a password manager, and make sure your email has a unique password and 2FA.

And then go about your normal online business, comfortable in the knowledge that your personal data is being sold to hackers for the low, low price of $45 (R630).

To see whether your email address has been breached, visit have i been pwned.

A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.

Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30-million unique South African ID numbers.

The data trove was discovered among a large dump of other breaches, and Hunt could identify it as South African source by the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.

The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.

Hunt is now attempting to identify the source of the database and has shared its headers to help get to the bottom of it. The headers can be viewed here.

Some of the data headers seem to indicate that the source may be government, but this is not definitive. It may be that this information is from a commercial entity such as a bank or credit bureau.

Once the owner of the data is identified and informed, Hunt will upload the info to his HaveIbeenPwned service (although he notes that the data only includes around 2,2-million valid e-mail addresses).

By Andrew Fraser for Tech Central 

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top