More than three billion email addresses and passwords are now in the hands of hackers. As reported by CyberNews, some 3.2million cleartext emails and password pairs have been leaked on a popular hacking forum online. This latest leak aggregates past leaks from Netflix, LinkedIn, Bitcoin and more. So, these passwords aren't necessarily the ones needed to login to a corresponding email account. Just emails and logins used to access services such as Netflix that were caught up in other leaks.
However, if this password and email combo is used across a variety of different services (i.e to login to email inboxes and access online shopping portals) it could give affected users a major headache. The study does not specifically mention whether accounts from email providers such as Hotmail, Outlook, Yahoo Mail or more are among those affected.
But Express.co.uk used a tool online to check whether any of our personal addresses were caught in in the breach, and found one Gmail addie that was affected. This latest leak is believed to be the largest ever compilation of email addresses and passwords to be leaked online.
The previous largest breach was the Breach Compilation of 2017 which saw 1.4billion credentials leaked online. However, this latest leak - known as the Compilation of Many Breaches (COMB) is over twice the size of the 2017 data cache. CyberNews said it wasn't a new breach but a compilation of previous ones.
CyberNews said, this does not appear to be a new breach, but rather the largest compilation of multiple breaches. At the moment, it is unclear what previously leaked databases are collected in this breach. Samples seen by CyberNews contained emails and passwords for domains from around the world.
If you are worried whether your email address has been caught up in the breach then head to CyberNews's personal data leak checker by clicking here.
On this site you can enter in your email address and see if any login details have been exposed. The website is able to alert the holders of over 15million breached accounts if their credentials have been compromised.
CyberNews said the potential impact of this latest breach is unprecedented, especially if any affected users use the same password for their email for other online services. While it isn't best practice to do so, some people do tend to reuse passwords as it can be easier to remember.
If you have been impacted by this latest breach, and also use the affected password for other online accounts then we'd advise you to change both swiftly. Enabling two-factor authentication (2FA) when websites allow it also helps add an extra layer of protection to your accounts.
CyberNews said, the impact to consumers and businesses of this new breach may be unprecedented. Because the majority of people reuse their passwords and usernames across multiple accounts, credential stuffing attacks is the biggest threat. If users use the same passwords for their LinkedIn or Netflix as they do their Gmail accounts, attackers can pivot to other more important accounts. Users are normally recommended to change their passwords on a regular basis, and to use unique passwords for every account. Doing so – creating and remembering unique passwords can be quite challenging, and we recommend users get password managers to help them create strong passwords. And, of course, users should add multi-factor authentication, like Google Authenticator, on their more sensitive accounts. That way, even if an attacker has their username and password, they won’t be able to get into their accounts.