
Calling the data leak "Collection #1", Hunt said it is likely to be "made up of many different individual data breaches from literally thousands of sources", as opposed to a single breach of a major organisation or service. The data leak, as mentioned on his website "troyhunt.com", includes a massive database of 773 million email IDs and 21 million passwords.
However, with so many passwords, it can be hard to remember them all. Even if hackers do have your email accounts on record, and even if they have the password for one of your many online accounts, they won't be able to use it to hack sensitive properties like your online banking accounts, and anything that might help them steal personal details about you. 772,904,991 unique email addresses and 21,222,975 unique passwords.
If your email address pops up in Hunt's Have I Been Pwned database, that does not necessarily mean that any or all of the associated passwords have been cracked.
In addition to 772 million email addresses, almost 22 million unique passwords were dumped in plain text online. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.
Hunt dubbed the 87GB dump "Collection #1".
Hunt has uploaded all of the data in a secure fashion to his site so visitors can check if they have been affected by the breach, which many of you reading this will be.
More news: Samsung Could Delay the Launch of Upgraded Fast Charging SystemTo find out if your email address is affected by the breach, visit Have I Been Pwned and type in your email address and search, then scroll down to the bottom of the page. Those impacted should act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential-stuffing attacks to cause maximum damage across multiple other accounts.
Hunt runs the "have i been pwned?" website where users can input their email address to see if it is known to have been compromised, and if so, in which data breach (es). Lastly, invest in a good password manager.
This, with its 140 million new email addresses, would be especially attractive to scammers. You enter a password and the site tells you if it's appeared in any breaches.
If your email was caught up in the hack, the first thing you should do is change your password. Most services now allow two-factor authentication, and it should become a practice for all users to have the feature enabled as it makes it just as hard for hackers to break in.
Hunt himself uses 1Password, though there are other options, notably LastPass.