CYBER experts have warned the public over a colossal collection of 1.3billion passwords exposed online putting accounts at risk.
It’s been described as “the most extensive corpus of data we’ve ever processed” by Have I Been Pwned (HIBP), a website that alerts people if their private data has been spotted in the wild.
The site regularly updates its database when new data comes to light.
And the latest addition includes a massive 1.3billion unique passwords – 625million of which Have I Been Pwned say they’ve never seen before.
It also includes 1,957,476,021 unique email addresses.
Site boss Troy Hunt said some of his own data was detected in the trove.
Read more about passwords
HIGH ALERT
Pro hacker reveals it takes just 3 MINUTES to find your password online
GOOG GOD
Warning to all 1.8bn Gmail users over ‘hidden danger’ that steals your password
“This corpus is nearly 3 times the size of the previous largest breach we’d loaded,” site boss Troy Hunt said.
“The truth is that once the bad guys have your data, it often replicates over and over again via numerous channels and platforms.”
This latest batch of passwords comes from various sources uncovered by a group called Synthient.
Many of these are a result of something called credential stuffing lists, which are described as the “the keys to the castle”.
This is when hackers obtain your email address and password from one website, and try the same details on other sites to see if they work – which is why people are advised to never recycle passwords.
The data has now been carefully fed into Have I Been Pwned, allowing anyone to check if they’ve been affected.
All you have to do is enter your email address and any instances will be flagged to you.
You can also subscribe to alerts that will email you whenever a new breach is detected.
In total, the site now has a whooping 17,284,001,112 account details.
Hunt has urged people to get a password manager, making passwords strong and unique or use more secure passkeys, as well as turning on multi-factor authentication.
The warning comes just weeks after Have I Been Pwned sounded the alarm over 183million stolen passwords.
WHY YOU SHOULD SWITCH TO PASSKEYS
Google’s Sampath Srinivas explains why passkeys are more secure than passwords
“When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore,” Sampath explained.
“Instead, your phone will store a FIDO credential called a passkey which is used to unlock your online account.
“The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone.
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access.
“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer.
“Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”
Picture Credit: Google
