Is your email safe? Here's how to find out if you’ve been hacked


773 million e-mail addresses and 21 million passwords stolen in biggest breach in recent years.

By Alvin R. Cabral


Published: Sat 19 Jan 2019, 10:31 PM

More than 773 million e-mail addresses, amounting to a hefty 87GB of data, have been discovered to have been hacked, a security researcher revealed, in what is shaping up to be another large-scale data breach.
But that's just the tip of the iceberg. Apparently, about four terabytes of data is up for grabs in cyberspace for a 'bargain' price.
Troy Hunt, who runs Have I Been Pwned, a website that can inform you if your e-mail address has been compromised, said that the unearthed data dump - 'Collection #1', as it is called - is a set of e-mail addresses and passwords totalling exactly 2,692,818,238 rows (or records), and is composed of individual data breaches from "literally thousands of different sources".
The numbers are already staggering. From the 773 million unique e-mail addresses, Hunt said that there are 21.2 million singular passwords involved, resulting in 1.16 billion unique combinations of e-mails and passwords. The Guardian has already called it the "largest collection ever of breached data found".
The hack dwarfs the 164.6 million LinkedIn accounts exposed in 2016 and MySpace's 359.4 million in 2008. That would also surpass the discovery of the Onliner Spambot breach in August 2017, which affected over 711 million accounts.
Yahoo, though, still tops this unflattering list. It admitted in 2017 that all of its over three billion accounts were compromised in an August 2013 attack.
But it just gets creepier. Brian Krebs of the Krebs on Security website wrote that he got in touch with the "seller" of the hacked data, a user who goes by the name of 'Sanixer', on messaging service Telegram. Sanixer is offering access to the accounts for a "bargain" price of just $45 (Dh165) each. The user also added that the dump consists of data from a vast number of hacked websites.
"If u buy u receive on email: access lifetime to cloud, and update weekly for free," Sanixer posted.
Alex Holden, chief technology officer of Hold Security, suggested to Krebs that the data was apparently first posted on underground forums sometime in October 2018.
Further questioning led to Sanixer revealing to Krebs that Collection #1 was about two to three years old, according to a screenshot that 'advertises' the collections.
And here's where it gets bigger. Collection #1 is merely one of seven folders being sold by Sanixer, whose sizes range from 24.5GB to 526.1GB, according to a screenshot of Sanixer's site.
Its total? A whopping 993.36GB of personal data is up for grabs to those willing to pay that rather modest fee.
But the screenshot does not include all folders of Sanixer's "password packages"; in total, Sanixer holds about four terabytes of these, most of which are less than a year old.
The breach apparently does not include sensitive data such as credit card details.
Geographical divisions were also unavailable. Still, the thought of such a large data dump possessing such a massive number of e-mail addresses is deeply concerning.
Web security firm Kaspersky, in a blog post, detailed the trickiness of the situation.
"If your e-mail is [in Collection #1], it's certainly a signal that you have to do something. However, [you won't be able to tell] which of your accounts tied to this e-mail was breached. Was it an account on a cryptocurrency forum, or an online library account, or a cat-lovers-community account?", it said.
Depending on whether or not you've been using a single password on multiple services, Kaspersky says users have two options. For those who have used one password, "life's going to be hard".
"To ensure safety you'll have to go through all of these accounts and change passwords for each and every one," it said, adding that since trying to remember a lot of new passwords may be tough, using a password manager would be ideal.
If a user has been utilising different passwords for multiple accounts, it would be easier. You can use online tools to determine which of your passwords have been compromised and change those. It also wouldn't hurt if you change all of them for good measure.
- alvin@khaleejtimes.com
