What an earthquake in Internet security: Around 1.16 billion combinations of email addresses and corresponding passwords have just been published via the cloud platform Mega and discovered by Australian security researcher Troy Hunt. The data has since been deleted from the Mega platform – but numerous copies are circulating on the Internet! The logical consequence: We should all check our own email addresses now.
The latest monster data leak with the cryptic name "Collection #1" consists of 12,000 files with a volume of 87 gigabytes of data and more than 2.7 trillion entries. Among them are 772 million different email addresses and 21 million passwords. This is probably the most gigantic mega-collection of hacked data ever published.
And the drama continues: Collection #2-5 have already been announced on the dark web. It seems that more than 2 billion email addresses are affected. This increases the likelihood that one's own password has been stolen many times over.
Collection #1: How can I check my own email address?
The good news is: All data from Collection #1 is already integrated into our database and you can immediately check your own email address with our "Identity Inspector" software. In any case, react immediately to effectively protect your online accounts from misuse by cybercriminals. Act now! Test our Identity Inspector!
What to do if your data is affected by a data leak?
Immediately change the passwords for the services displayed by our software.
If your data appears in "Collection #1", it is not yet entirely clear where this data comes from. You should change all passwords associated with this email address. In general, please always use different passwords. Tips on creating secure passwords can be found in our blog on our website: https://engelmann.com/de/sicherheit/wie-sicher-ist-mein-passwort/
A perfect opportunity for hackers
The numerous copies of past data leaks, i.e. not just the current collection from Collection #1, represent a real problem. Many of the data are still current and the passwords are still active.
The consequences of this were clearly seen in January 2019. It was then announced that the hacker Orbit had spied on hundreds of German politicians and celebrities. The published documents included identity card copies, Word and PDF documents, and chat histories. All this data was probably obtained from accounts whose passwords had been published a long time ago. Especially for such accounts, you should now check your own email address.
Of course, you can also take a radical approach to your own protection and get rid of old baggage. In the good 25 years since the Internet began, you have certainly created numerous accounts. And, hand on heart: You often used identical passwords. Right guess? However, many of these services from the early days of the Internet are now dormant – for example, from Yahoo and AOL. It might therefore make sense to simply deactivate such old and unused accounts. Just clean up thoroughly – also in your digital world! If that's too much for you: At least have your own email address checked by our Identity Inspector now!
Check your own email address now and preempt criminals
Of course, databases like Collection #1 or the announced Collection #2-5 are also appealing to criminals. Recently, for example, blackmail emails have been circulating that begin with "I know your password is what#k1ljk". The sender further claims to be in possession of compromising videos and that publication can only be prevented by a payment in Bitcoins. Of course, there were no videos, the email is an empty threat. But such blackmail also comes from data leaks. And it seems to be worthwhile, otherwise the spammers would quickly stop. If you are unsure yourself, you should simply check your own email address with the Identity Inspector – and then relax.
Comparison of data leaks shows high agreement in passwords
One of the main problems with such data leaks is: Many users use the same password for numerous or even all accounts. Attackers then simply try the found passwords on other popular services, and they gain possession of private data. There are many prominent examples, and even Mark Zuckerberg was affected in the past because he allegedly used the password "dadada" multiple times. Moreover, that password is truly not a good idea.
Hey Mark, our "Identity Inspector" is just right for you too. 🙂
