- Nearly 773 million unique email addresses and almost 22 million unique passwords were found to be hosted on cloud service MEGA.
- The collection totaled over 12,000 separate files and more than 87GB of data.
Set of email IDs and passwords of up to 2,692,818,238 rows from various sources were found to be hosted on cloud service MEGA. Out of which, 773 million were email addresses and almost 22 million were unique passwords.
The large collection of files on the MEGA cloud service totaled over 12,000 separate files with almost 87GB data. A security researcher named Troy Hunt was pointed to a hacking forum by one of his contacts where the collection of data was posted.
Collection of over 2000 dehashed databases
The post on the hacker forum referenced ‘a collection of 2000+ dehashed databases and Combos stored by topic’ and provided a directory listing of 2,890 files. Hunt noted that his own email address and password to be there in the collection.
“What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago,” Hunt wrote in a blog. “Some passwords, including his own, have been "dehashed", that is converted back to plain text,” he added.
Hunt suggests users visit Have I Been Pwned service to check if their email addresses and passwords are exposed.
1,160,253,228 unique combinations of email addresses and passwords
The Collection 1 dump contained almost 1,160,253,228 unique combinations of email IDs and passwords.
“In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion,” Hunt wrote.
773 million unique email addresses
The collection of email addresses totaled almost 773 million and it has been loaded into HIBP. Hunt noted that this is the single largest breach ever to be loaded into HIBP.
“The unique email addresses totaled 772,904,991. This is the headline you're seeing as this is the volume of data that has now been loaded into Have I Been Pwned (HIBP). This number makes it the single largest breach ever to be loaded into HIBP,” Hunt wrote.
22 million unique passwords
“There are 21,222,975 unique passwords. As with the email addresses, this was after implementing a bunch of rules to do as much clean-up as I could including stripping out passwords that were still in hashed form, ignoring strings that contained control characters and those that were obviously fragments of SQL statements,” Hunt noted.