In January, a portion of breached databases from several sources was first identified by Troy Hunt, a well-known security researcher.
As has been reported, the hacked information was exposed under the name Collection #1. According to Hunt, this first set of hacked databases included 773 million different passwords and usernames.
Since the leak, it has now been revealed that the anonymous creator of the collection shared the data within many hacking forums.
Currently, numerous security researchers are analyzing an additional enormous collection. This database counts 25 billion records, known as Collections #2-5.
Quantity vs. Quality
Although the size of the collection was gigantic, the data was proven to come from prior thefts such as the data breaches of Dropbox, Yahoo and LinkedIn.
Regardless of where the numbers of stolen information are coming from, a major privacy violation occurred.
The researchers at Germany-based Hasso Plattner Institute concluded that Collection #1 did not include 611 million credentials that were found in Collections #2-5.
This, as a measure of the importance of the stolen data, confirmed that a compelling portion of passwords is being exposed for the very first time.
The large size of the collections adds more concern to the fact that the leaked data could also be used as a practicing tool for inexperienced hackers.
The exposed data can simply help these hackers to try credential stuffing. This technique, widely known among hackers, involves trying already leaked passwords and usernames on public sites in hopes of finding people who have reused those passwords.
If you would like to check your username among the leaked data, you can use this identity leak checking tool from the Hasso Plattner Institute in order to do so.
You could also use Troy Hunt’s Have I Been Pwned tool.
Because of what we previously mentioned, you should consider changing your passwords and remember not to reuse any of the old passwords again.
In addition, we highly suggest using a password manager so you do not have to remember all of your strong passwords.
The Different Speculations
Chris Rouland, the founder of IoT security firm Phosphorus.io, acknowledged the leaked collection as one of the biggest ever seen.
And, according to him, the hacked data that was put up for sale on the dark web is actually information that has been stitched together from older data breaches.
Rouland thinks that the person behind this leak has probably bought or stolen the data from the enemy and exposed the database more widely.
Noted by Rouland, the hacker downloaded the collection with a torrent tracker file that included a “readme.”
The “readme” also claimed that another dump of data might be coming soon as it is noticed missing from the existing torrent.
Contrary to Rouland’s speculations, other researchers believe the sale of this massive database symbolizes something else.
According to them, the hacker has already created a huge pile of aged personal information over the years.
Such delicate information, even though impactful, essentially, can be considered worthless.
David Jaeger, a researcher at Hasso Plattner Institute, thinks the hacker/s who want to profit from the leaked information have already been working on gathering the information for years. This means a large amount of personal information is old already.
Since it no longer makes sense for the hacker/s to keep the database private, they exposed and sold the collections on the dark web.
Although maybe meaningless for the creators, these data dumps can still serve a great purpose for other unskilled or random hackers.
In the past, the mega breaches of companies like LinkedIn and Dropbox resulted trades of the hacked data on the dark web.
The current collection of 2.2 billion passwords and usernames is being openly distributed on hacking forums across the internet.
Because of such public exposure of the databases, the last leak of private information is becoming virtually free for internet users.
The uncovered collections are just another milestone when it comes to leaking large amounts of information.
It is the beginning of a collapse, as Rouland believes, because once the data is out there, it is inevitably going to be found and used.