Huge collection of user data leaked online

Security researcher Troy Hunt, who runs the service Have I Been Pwned, has discovered almost 773m unique email addresses and around 22m unique passwords hosted on Kim Dot Com's cloud service MEGA.

In a blog post, he revealed that the collection contained over 12,000 separate files and more than 87GB of data.

The data, which Hunt refers to as Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows on a spreadsheet that has allegedly come from numerous sources.

Hunt provided more details on his discovery in his blog post, saying:

"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago. In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." 

Collection #1

Some of the passwords included in the dataset have been dehashed and appear as plain text in the files including Hunt's own password.

He first began investigating the data stored on MEGA when multiple people reached out to him and Collection #1 was also discussed on a hacking forum.

As of now, the collection has been removed from the cloud service but the passwords and email addresses stored within it are likely still floating around on the internet.

Hunt's service Have I Been Pwned is an excellent resource to see if you or your family's passwords have been leaked online.

Via ZDNet

  • We've also highlighted the best VPN to help protect your privacy online
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.