
A dump called “Collection #1” has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy “Have I Been Pwned” Hunt de-duplicated to come up with 773 million unique records — of those, 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before.
Collection #1 appears to have been created by cracking lots of online services of every size and description and subjecting their passwords to guessing programs that undid the hashing of millions and millions of them. It’s the kind of database that is of great use to “credential stuffers” who just throw known-good login/password combinations at services they want to attack until they get in.
The dump is on “a popular hacking forum” (having previously been available on Mega, the cloud service). It’s a folder with 12,000 files totalling 87GB.
Hunt has ingested this dump into the Have I Been Pwned? database, and you can search it to see if your credentials appear in it.
Pretty darn serious! While it doesn’t appear to include more sensitive information, like credit card or Social Security numbers, Collection #1 is historic for scale alone. A few elements also make it especially unnerving. First, around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database, meaning they’re not just duplicates from prior megabreaches.
Then there’s the way in which those passwords are saved in Collection #1. “These are all plain text passwords; if we take a breach like Dropbox, there may have been 68 million unique email addresses in there but the passwords were cryptographically hashed, making them very difficult to use,” says Hunt. Instead, the only technical prowess someone with access to the folders needs to break into your accounts is the ability to scroll and click.
Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach [Brian Barrett/Wired]
(Image: Cjp24, CC-BY-SA)