3.2 Billion emails and Passwords Published Online — What You Need to Know

A whopping 3.2 billion password/username pairs are for sale on an unnamed online hacking forum. But there's no need to panic. It's a compilation of credentials stolen from dozens of old data breaches, some of which date back a decade.

That doesn't mean you shouldn't be aware that old passwords are out there. Yes, your passwords, and ours, too. Most of us who have created three or more online accounts have had our passwords compromised before.

This new treasure trove of dusty old data has been made public by the Lithuanian English-language site Cybernews. According to the site, the credentials are a mishmash of data compromised from LinkedIn (117 million accounts compromised in 2012), Netflix (no actual Netflix data breach in memory), and others.

We have not seen the data ourselves, but imagine that the massive Yahoo leaks in 2013 (3 billion accounts) and 2014 (500 million accounts) are probably in there somewhere.

According to Cybernews, the database is advertised as a "Compilation of Many Breaches (COMB)." Located in a password-protected container, the data is cleaned up, categorized, and made searchable. Passwords to the containers are published to authorized users of the hacker forum.

"Most of the contents are almost entirely public," the poster who posted the link to the hacker forum wrote in a screen grab captured by CyberNews. The poster added that all the data "is structured like an alphabet tree" and "contains query scripts."

The link's contributor said the total number of credentials was 3.8 billion, but CyberNews boiled it down to 3.2 billion after obtaining the data and removing duplicates.

So what can you do? Cybernews' own data leak checker claims to hold 2.5 billion leaked email addresses, and you can use it to see if yours is among them.

You can also use Australian security researcher Troy Hunt's HaveIBeenPwned website. It is possible that at least one of your old passwords and some of your e-mail addresses are registered in at least one of these databases.

Overall, however, you need to follow a few simple rules.

1) Data breaches happen, and they are not your fault.

2) Do not reuse passwords. If you reuse them, the data breach that affects your account will affect many other accounts as well.

3) Make all passwords strong and unique.

4) The best password managers make it easy to follow rules 2 and 3.
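
As an added example (not from the original article, Cybernews or HaveIBeenPwned), the sketch below audits a set of saved passwords for reuse (rule 2) and for presence in a breach corpus without ever sending the password itself. It assumes a range-style lookup in the manner of HaveIBeenPwned's Pwned Passwords service (send the first five SHA-1 hex characters, receive `SUFFIX:COUNT` lines); the corpus, counts, vault and the `fake_fetch_range` stub are constructed for illustration so the code runs offline.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, fetch_range):
    """Times `password` appears in the corpus; only a 5-char hash prefix is sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def audit(vault, fetch_range):
    """vault: {account: password} -> {account: {"breached": n, "reused_with": [...]}}."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        report[account] = {
            "breached": breach_count(password, fetch_range),
            "reused_with": sorted(a for a in by_password[password] if a != account),
        }
    return report

# Constructed stand-in for the remote service: a tiny "breach corpus" with made-up counts.
CONSTRUCTED_CORPUS = {"password": 1000, "qwerty123": 42}

def fake_fetch_range(prefix):
    """Offline stub (assumption): answers with 'SUFFIX:COUNT' lines for one prefix."""
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {"mail": "password", "shop": "password", "bank": "T7#vq-Lm2!xPz9"}

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_VAULT, fake_fetch_range).items():
        print(account, finding)
```

Any account with a non-zero `breached` count or a non-empty `reused_with` list is one whose password should be replaced with a unique one.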