361 million email addresses added to Have I Been Pwned
Australian cybersecurity expert Troy Hunt has added an astounding 361 million unique email addresses to Have I Been Pwned.
Last week, a security researcher, who wishes to remain anonymous, sent Troy 122 gigabytes of data scraped out of thousands of Telegram accounts. It contained 1,700 files with 2 billion lines and 361 million unique email addresses, of which 151 million email addresses had never been seen in Have I Been Pwned.
Hunt added these email addresses to his data breach notification service so everyone can check if their accounts have been compromised.
Telegram is a messaging platform used by those wishing to share content anonymously, including content related to data breaches. It’s also a means to sell comprehensive databases containing private and confidential information.
According to Hunt, a large chunk of the data sent to him is referred to as ‘combolists’. They’re combinations of email addresses or usernames and passwords with associated URLs. The data is split up into email service providers and other companies, such as Gmail, Hotmail, Netflix, Disney+, Amazon and Yahoo.
Hunt hopes recent data breach is a ‘wakeup call’
The cybersecurity expert from Australia believes the dataset is the result of infostealer malware that has obtained credentials as they were entered into websites or saved in the web browser on compromised PCs and laptops.
With such a large dataset, it’s impossible to verify all of the leaked credentials. In order to make sure the credentials are legit, Hunt reached out to several existing subscribers. Almost all of them confirmed the details were correct and probably stolen in a previous data breach. The security researcher also entered multiple email addresses or usernames at numerous websites, confirming their existence and the legitimacy of the contents of the data breach.
Hunt advises everybody to regularly patch and update their devices in order to keep their credentials and personal information safe. Installing security software, using strong and unique passwords for all online accounts, and enabling two-factor authentication (2FA) helps too.
Hunt hopes this recent data breach is a ‘wakeup call for everyone’s security game’. “I do hope people recognise that their security posture is an ongoing concern and not just something you think about after appearing in a breach,” he says on his blog.