Email addresses from across the globe have been compromised as discovered by Troy Hunt, renowned security expert.

Collection#1 Data Breach Has Put 700 Million Email IDs in Danger! 

In what could be the biggest data breach in recent years, a whopping 773 million unique email IDs and 21 million unique passwords have been leaked, a researcher said on Thursday.

The leaked files, however, do not include information such as credit card details.

According to web security researcher Troy Hunt, who created the Have I Been Pwned platform, has said this data leak is part of "Collection #1" which is a set of email addresses and passwords totaling 2,692,818,238 rows, or as expert claims over 87GB worth of stolen and accessible data.

Here’s everything you need to know about 2019’s first major data breach and how it affects millions of users in the world.

How Big is the Data Breach?

The report, as it mentions, says that over 700 million unique email IDs and over 21 million passwords have been accessed by hackers who, according to security experts we spoke to, have put all this data for sale on the dark web forums.

Several people reached out to the web security expert last week and pointed to a collection of 12,000 files with a total size of 87GB, and nearly 2.7 billion records, hosted on MEGA which was compromised on Thursday.

Mega or MEGA is a Cloud storage and file hosting service offered by Mega Limited, an Auckland-based company which offers services primarily through web-based applications.

This data, your email ID and password can be used to access your accounts with platforms like Zomato, Hotstar and even bank account, losing their control over them. Thankfully, your money is unlikely to be stolen, because all financial transactions follow 2-fa ruling.

We reached out to Troy Hunt to understand the implications of this breach on users in India.

Is Your Email ID Part of the Breach?

Those interested in knowing whether their email ID is part of the list affected by the Collection#1 breach could head to Hunt's website called "Have I been Pwned", enter their email ID in the dialogue box and find out if they were affected.

(Photo: <a href="https://haveibeenpwned.com/">Have I Been Pwned</a>)

The website, as you can see here, already lists Collection #1 as the biggest breach to have been reported till date. If your email address shows up being Pwned, it’s high time you change the password right away!

Beginning of the End?

Ankush Johar, Director at Infosec Ventures, who oversees data breach of all kinds is astonished by the Collection #1 breach, and he’s got a strong point.

The data breach reported by Troy Hunt says that over 121 new email addresses have been spotted in the list, which basically means there’s some unreported breach which has shown up in the database. 
Ankush Johar, Director at Infosec Ventures
 (Photo: iStock)
Image used for representational purpose.

He further adds hacking forums across the spectrum have been discussing how Collection #1 might just be the start, and we might see more such breaches happening in the coming months.

Remember, this is just the “Collection 1” and according to some ethical hackers in the BugsBounty.com community, the original collection is not only “Collection 1” but there is “Collection” 2,3,4 and 5 too. This means there is more to come or worse, have already come in the form of underground dealings.   
Ankush Johar, Director at Infosec Ventures

How to Protect Yourself From Breaches?

Everything depends on how smartly you construct the passwords. Using characters along with symbols like # or @ makes case for a strong set of password.

If remembering password isn’t your cup of tea (we get that), it’s time you look at using password managers like 1Password, Lastpass and Dashlane among others.

(Photo: Canva/The Quint)

You can also depend on the save password feature on Google Chrome, which basically creates random 12-digit password, making sure the actual password you’ve set doesn’t make it to any database. That’s exactly what password managers also do and security experts advise users to trust them, especially after a breach like this.