Giant data dumps publish details of 2.2 billion usernames
In January 2019, researchers reported finding two huge data dumps. Collection #1 contained passwords and usernames relating to nearly 773 million email addresses spread across about 2.7 spreadsheet rows in 12,000 files. Collection #2.5 contained 845GB of data and more than 25 billion records that included 2.2 billion unique usernames and passwords. Researchers at Phosphorus.io said that more than 130 people were making the data available, and there had been more than 1,000 downloads. Troy Hunt's HaveIBeenPwned (https://haveibeenpwned.com/) service lets users check whether their information was compromised in Collection #1; Germany's Hasso Plattner Institute provides an Info Leak Checker (https://sec.hpi.de/ilc/search) to let people check if their information is in Collection #2.5. The ready availability of this data enables credential stuffing attacks; users can protect themselves by using unique passwords for each site and enabling two-factor authentication.
https://www.wired.co.uk/article/collection-data-breach-dump-leak
Writer: Matt Burgess
Publication: Wired