A database with 772.9 million unique e-mail addresses and 21.2 million unique passwords has been publicly available online for an unknown time. The collection of data comes from multiple sources.
The more than 87 gigabytes of data was uploaded on the cloud service Mega, but the data have been removed, reports security researcher Troy Hunt Thursday.
The ratio between the number of unique e-mail addresses and passwords suggests that the same passwords occur in the database. In total, the database contained more than 1.1 billion unique combinations of e-mail addresses and passwords.
Hunt manages a website that allows users to check if their data has occurred in an online data breach. Users who enter their e-mail address on Have I Been Pwned will see whether the e-mail address has been leaked.
The Australian security researcher has added the 773 million e-mail addresses and 21.1 million unique passwords to his databases. In this way, people can check whether they have been affected by the data breach.
Data probably captured years ago
Hunt suspects that the leaked e-mail addresses and passwords come from thousands of different sources. The data have probably been captured years ago.
Users are advised to use a strong and unique password for every online service. Hunt advises people whose account information exists in Have I Been Pwned to change the password.
Research journalist Brian Krebs writes on his website that the leak is at least two years old.