- Animator for Netflix’s ‘Carmen Sandiego’ says he was fired after asking for fair pay Sunday 3:17 PM
- YouTube reverses decision to remove creators’ badges Sunday 1:47 PM
- How video game developer Valve got served secret subpoena as part of FBI’s counterterrorism fight Sunday 12:31 PM
- Aron Eisenberg, ‘Star Trek: Deep Space Nine’ actor, dead at 50 Sunday 11:35 AM
- Who needs glass slippers? This Cinderella cosplayer upgraded with a stunning glass arm Sunday 10:19 AM
- How to check if Yahoo owes you $358 Sunday 9:25 AM
- How to stream Bears vs. Redskins on Monday Night Football Sunday 7:00 AM
- What are the best alternatives to the electoral college? Sunday 6:30 AM
- The best PS4 games you can’t play anywhere else Sunday 6:00 AM
- How to watch the 2019 Emmy Awards Sunday 5:00 AM
- How to stream ‘Power’ season 6, episode 5 Sunday 4:00 AM
- Former developer at software company deletes his code to protest its ties to ICE Saturday 4:21 PM
- A mysterious website is doxing Hong Kong protesters and journalists Saturday 1:44 PM
- The best ‘Skyrim’ followers and how to get them Saturday 1:26 PM
- Why Joel Osteen gets cyberbullied every time Houston floods Saturday 12:40 PM
A recently revealed collection of hundreds of millions of emails and passwords is being hailed as the largest data breach ever.
In a story first reported Wednesday, security researcher Troy Hunt announced that nearly 773 million unique emails and more than 21 million unique passwords had been exposed.
The seemingly unprecedented exposure, dubbed “Collection #1,” led to breathless headlines about the scale of the data. But a quick glance at Hunt’s own analysis reveals the issue to not be quite as serious as many believe.
While people may have the impression that all the credentials were obtained in a single mega-breach, the data is merely a collection of emails and passwords gathered from numerous previously known breaches.
Hunt, who runs the service “Have I Been Pwned” that allows anyone to check if their email has shown up in public breaches, even notes that more than 80 percent of the emails in Collection #1 were already known by his site.
As noted by Motherboard’s Lorenzo Franceschi-Bicchierai, “of the 22 million passwords, half were not in the database” as well.
Brian Krebs, a security expert and bestselling author, spoke with Sanixer, the hacker selling the Collection #1 data, and was told that the content was several years old.
“Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his ‘freshest’ offering,” Krebs writes. “Rather, he sort of steered me away from that archive, suggested that—unlike most of his other wares—Collection #1 was at least two to three years old.”
Still, the latest breach news should remind everyone to check their digital security hygiene.
Simple steps such as obtaining a password manager and making sure to create a strong and unique password for every service you use can help minimize the damage from data breaches. Setting up two-factor authentication can also protect you even if your password is compromised.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.