A massive database containing 772,904,991 unique email addresses and more than 21 million unique passwords were recently posted to an online hacking forum, according to Wired.
The hack was first reported by Troy Hunt of the hack security site Have I Been Pwned, which lets you check whether your email and passwords have been compromised and which sites your information was leaked from.
The data collection as a whole, called "Collection #1," doesn't appear to originate from a certain source, but is rather an aggregation of 2,000 leaked databases that include passwords that have been cracked, according to Wired. That's to say the protective layer that scrambles, or "hashes," a password to prevent your original password from being visible has been cracked, and the passwords are presented in a usable form on hacking forums.
Data in Collection #1 wasn't put up for sale, like many data leaks are. It was first hosted on popular cloud hosting site Mega before being taken down, then posted on a public hacking site.
"Collection #1" is among the largest data breaches in history, second only to Yahoo's hackthat affected as many as 3 billion users.
Great to hear all these huge breaches of our personal data that can be used to hack either our Online accounts or computer.
Last month I had a Russian hack into my Amazon Account twice in two weeks. The second time I had activated the Two Step log in. Totally worthless. My account was hacked within a day after Amazon re-activated my clean account again. I now have it disabled and Amazon lost a 20 -25 year Customer in the process because they can't secure their Customer's Amazon Accounts.
Then in the same week an Iranian in Tehran, Iran tried to log in my Facebook Account. Luckily I had a Two Step log in after what happened with Amazon the hacker couldn't hack into my Facebook Account.
Both were using my primary Email Account to a hack into my online accounts.
Chrome has finally been brought/forced to the 21 century and is making a change in how the stored passwords are accessed. Anyone who hacks into your account has no problem accessing all your saved user name/passwords. This is also true of Firefox...except they haven't mentioned any future plans to stop it.
Luckily I don't use any of my Browsers to store any log ins or password. I use Roboform. But not sure how secure that software is but I have been using it for several years now without incidence related to that particular software.
Plus I have installed a program called KeyScrambler that automatically scrambles all my keyboard strokes while typing on Online.
I suspect my email data was compromised by several breaches including Facebook and Experian and Home Depot and a couple other I don't recall at the moment or my wife or me visiting a false or malicious site.
After what happen last month, I conducted some exhaustive scans looking for any viruses or malware or malicious Keystroke software in my computer. Came out clean and couldn't find any suspicious files with odd names or misspelled file names. So, I suspect I must of gone to a malicious website that stole my data or from one of the many breaches in various companies and online websites where my personal data was compromised.
LoL, now when I usually create a password has in it "Screw you" "Hijacked" etc. in the password.
I have coded my own password generator and it's fairly safe -- never had issues:
Saved passwords is still to easy to find...and the passwords on the latest Firefox
Chrome, Edge and Firefox all use AES256 to secure the password tables
I use very strong passwords and so far nobody has been able to gain any illegal access to my accounts
While the LOCAL keys.db file in Firefox uses woeful encryption (SHA-1 iterations 1), the Firefox Account and Firefox Lockbox uses AES256-GCM encryption and HMAC SHA-256 "to hash searchable data". The latter is fairly unbreakable, but the former is really only a problem if you get your stuff lifted by a hacker experienced in such things, or do something stupid like use a master password of 1234 or the like instead of something like "Th3 Day Was Sunny New 3ngland (heats" as most thieves will just sell the computer or the parts, or blow it all away and start fresh.
Still, the biggest problem is sensitive websites, such as financial websites, still not using 2 factor authentication of some sort. Even SMS based 2FA, while the least secure type, still acts as a major deterrent to the common thief.