In January, under the name "Collection #1", around 773 million mail addresses and passwords landed on the net. Now comes the next huge data leak with as many as 2.2 billion stolen usernames and passwords.
According to Wired, this data dump, titled Collection #2 to #5, originates from a full 845 GB data packet with a total of 25 billion entries. After deducting duplicate entries and the information already contained in Collection #1, however, we arrive at a more modest but still record-breaking number. The Hasso Plattner Institute has found 750 million entries that were previously unknown.
And as if that weren't bad enough already, according to security researcher Chris Rouland, the information has been circulating for some time. According to him, the package has already been downloaded over 1,000 times and is distributed over various server locations.
It is an unprecedented amount of information and credentials that are publicly available.
The sheer amount of leaked information now makes it incredibly easy for attackers to try various online services with the data in the hope that a user will use the password somewhere else - which unfortunately happens far too often. This is because such a list is mostly used for credential stuffing attacks, where hackers use an automated process that tries email and password combinations in an online service until one works.
How to find out if you are affected
Currently the data from Collection #2 to #5 doesn't seem to have been fed into the website "Have I Been Pwned" yet. This means that there is currently no way to check whether you are affected. A better alternative here is the website of the Hasso Plattner Institute. Follow the link below and enter your e-mail address and you will receive an e-mail with information on whether your details have been compromised and how.
Now what? If your mail address is affected by the current data leak, it is time to change the password. If you use the same password for many different services, then you should consider a more advanced solution.
If you can't or don't want to remember so many passwords, you should think about a password manager that can help you choose a new password with a generator. Here are some of our preferred password managers for your smartphone:
Did you find your details in this new data breach? How do you manage your security online?