A couple of weeks ago, a huge database of breached credentials startled almost everyone. The huge collection of dumped data, referred as “Collection #1” flaunted 21 million passwords. However, we now hear about an even larger data dump. The Collection #2 to #5 data dumps supposedly include 2.2 billion email addresses.
2.2 Billion Email Addresses Exposed In Collection #2 To #5
After the news of the huge database named Collection #1 surfaced online, the researchers began working out to reveal further details. At that time, KrebsOnSecurity reported that the seller offering the Collection #1 also bears other huge subsets of databases. He found the database folders labelled as Collection #2, Collection #3, Collection #4 and Collection #5.However, there wasn’t much information available about these subsets then.
Nonetheless, a German security firm Heise Online has now disclosed the details of Collection #2 to #5. Reportedly, the combined data of these subsets make up to 2.2 billion email addresses along with corresponding passwords, according to the Hasso Plattner Institute.
According to Heise, the total data volume seems over 600GB. If we take into account the details revealed by KrebsOnSecurity, then the cumulative volume of Collection #2 to Collection #5 may be 784GB.
Exposed Data May Be Massive But Not Alarming
The researchers reveal something that may lessen the impact. According to them, the database includes combined data obtained from previous breaches. Supposedly, it does not include any new data.
“The data are apparently not completely new, but come to a large extent from older leaks.”
Nonetheless, one may not rule out the risks for abuse of these credentials by the malefactors.
“Nevertheless, the compilation and re-release is likely to increase the likelihood that cyber crooks will try out the credentials.”
The researchers re-emphasize on the importance of using unique passwords for every online account. They also advise using password managers to avoid the hassle of remembering so many passwords without compromising security.
Perhaps, recalling the recent wave of credential stuffing attacks at DailyMotion and Basecamp, one can realize the importance of password security measures.