Hackers Are Passing Around a Megaleak of 2.2 Billion Records:
"When hackers breached companies like Dropbox and LinkedIn in recent years—
stealing 71 million and 117 million passwords, respectively—they at least had the
decency to exploit those stolen credentials in secret, or sell them for thousands of
dollars on the dark web. Now, it seems, someone has cobbled together those
breached databases and many more into a gargantuan, unprecedented collection of
2.2 billion unique usernames and associated passwords and is freely distributing them
on hacker forums and torrents, throwing out the private data of a significant fraction
of humanity like last year's phone book.
Earlier this month, security researcher Troy Hunt identified the first tranche of that
mega-dump, named Collection #1 by its anonymous creator, a patched-together set
of breached databases Hunt said represented 773 million unique usernames and
passwords. Now other researchers have obtained and analyzed an additional vast
database called Collections #2–5, which amounts to 845 gigabytes of stolen data and
25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner
Institute in Potsdam, Germany, found that the total haul represents close to three
times the Collection #1 batch.
"This is the biggest collection of breaches we’ve ever seen," says Chris Rouland, a
cybersecurity researcher and founder of the IoT security firm Phosphorus.io, who
pulled Collections #1–5 in recent days from torrented files. He says the collection has
already circulated widely among the hacker underground: He could see that the
tracker file he downloaded was being "seeded" by more than 130 people who
possessed the data dump, and that it had already been downloaded more than 1,000
times. "It's an unprecedented amount of information and credentials that will
eventually get out into the public domain," Rouland says."
See:
https://www.wired.com/story/collecti...ords-billions/