Experts have been warning for months or even years: the numerous security breaches that we had seen in previous years were going to increase, affecting millions of users. The expected data breach couldn’t wait anymore and on January 17 2019, it reached the front pages of the whole world. Collection # 1 has exposed the personal data of 773 million accounts and 21 million passwords, making it the largest data breach in history.
Australian cybersecurity expert Troy Hunt explains the event through his blog in detail, emphasizing that the now famous Collection # 1 folder contains 87GB of information and includes at least 140 million email accounts and 10 million passwords completely new, that is, they are not part of previous gaps, and, therefore, have just been exposed.
The big question is where all these email accounts have come from. Apparently, it does not have to be in one place, but can be data from multiple leaks, which occurred at different times.
In fact, Hunt himself explains that some of these emails are old acquaintances: they had been previously leaked and were already part of the database of exposed accounts. However, at least 140 million of the total were brand new leaked accounts.
Check if your email has been exposed by Collection and apply measurements
INCIBE’s own Internet User Security Office has recommended conducting a search on the aforementioned website, haveibeenpwned.com , to verify if our account has been affected by the leak.
Once you enter your e-mail address in the search engine, there are two options, that an icon appears in green (a sign that everything is fine), or that it appears in red. If your account appears as filtered (by this filtration or by any previous one), it is best that you follow some instructions to put measures.
The first thing you should do is change the password for that email, as well as for all the platforms and services in which you have used that email or the same password.
For this reason it is so important that passwords are not reused for different online platforms, and that is if one of them is compromised, all the others will be exposed.
At the moment the origin of this hack is unknown, although experts point out that it may be data from multiple leaks. We would be facing a “gap of gaps” a kind of compilation that would contain more than 2,000 databases. In this sense, Hunt himself ensures that a large part of the emails that are included in the leak had already been filtered previously and, therefore, were part of the database of exposed accounts. However, at least 140 million are brand new accounts.
If we wonder who is behind the attack, the truth is that nothing is known about it at the moment. Hunt has stated for Wired that “there is no evidence of a pattern to justify such maximum exposure.”
