You may remember that earlier this month, the largest ever collection of stolen internet accounts was dumped onto the internet, with 773 million email addresses and 21 million passwords affected. That dump was called “Collection #1” and now Collections #2-5 have also been made available online. Those account to around 845GB of data, with 25 billion records made up of 2.2 billion unique usernames and passwords.

That’s a lot of data and a lot of compromised details.

Wired has reported that this new dump more than doubles the number of comprised accounts from the earlier release, with security researchers saying that 25 billion records and 2.2 billion usernames and passwords are now in play. Those numbers take into account duplicates across the two dumps, making this the largest ever data breach collection.

As if that wasn’t bad enough news, it’s clear that these records have been doing the rounds online, and continue to do so. Security researcher Chris Rouland has been following along.

He could see that the tracker file he downloaded was being “seeded” by more than 130 people who possessed the data dump, and that it had already been downloaded more than 1,000 times. “It’s an unprecedented amount of information and credentials that will eventually get out into the public domain,” Rouland says.

Worryingly, the sheer number of usernames and passwords in play means it’s now possible that just about anyone could go looking, putting random usernames and passwords into online sites in the hope that people have been reusing passwords. Something we know people unfortunately do all too often.

He could see that the tracker file he downloaded was being “seeded” by more than 130 people who possessed the data dump, and that it had already been downloaded more than 1,000 times. “It’s an unprecedented amount of information and credentials that will eventually get out into the public domain,” Rouland says.

Now would be a very good time to make sure that you’re not reusing passwords and that, wherever possible, you have multi-factor authentication enabled.

You can check if one of your email addresses have been impacted by the breach (or any past breaches) using the Hasso-Plattner Institute’s Identity Leak Checker at sec.hpi.de/ilc/search. 

(Source: Wired)

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple, and the Web.

Related Stories