Collection 1 Data Breach Exposes More Than 772 Million Email Addresses (zdnet.com)
A collection of almost 773 million unique email addresses and just under 22 million unique passwords was exposed on cloud service MEGA. Security researcher Troy Hunt said the collection of data, dubbed Collection #1, totaled over 12,000 separate files and more than 87GB of data. ZDNet reports: "What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." Some passwords, including his own, have been "dehashed", that is converted back to plain text. Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. "The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote.
The collection has since been removed. You can visit Hunt's Have I Been Pwned service to see if you are affected by this breach.
Starting a couple of months ago, I've received a huge number of extortion emails. At this point it's extortion spam.
All the emails follow the same pattern, and all include somewhere (usually in the To: line, for some reason) an old "burner" password I used on web sites where I don't care if the password leaks.
Here's a rough paraphrase:
I have received dozens of copies of this email, with the text slightly different. Some of them end with "Don't hate me, everyone needs to do their own job." Some of them call the mysterious malware "RAT software". A couple of times the email was translated into Japanese. (I can read just a little bit of Japanese and was able to recognize it, and I showed it to a fluent friend who confirmed that it fit the above pattern.)
<sarcasm>I must say, my computer is running pretty well considering how many elite international hackers have been messing with it and installing RAT software and such.</sarcasm>
As it happens, I got one copy of the email at least a week before the deluge started. I realized it would have been very scary for someone who uses the same password everywhere and doesn't know how easy it is to forge the "From:" header. Doubly scary if that person actually visits porn sites.
lf(1): it's like ls(1) but sorts filenames by extension, tersely
Just stop sharing your damn creds. If you can't do that, then stop sharing THE damn creds.
"Jail the execs!"
"Hold them accountable!"
"Fine them!"
"We need new laws!"
None of that shit is going to happen. If you keep making accounts for every little thing, pretty soon I'm gonna need to create a throwaway account to pump fkg gas. Just stop.
Checkout as guest. No thanks. I do NOT agree.
Do you really NEED an account for everydumbthing.com?
Creds have value, otherwise, you would not be asked to give them away every other keystroke. Treat them as such.
Sometimes, the only way to win is not to play.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.