A treasure trove of sensitive data has been found by researchers, recommending a change in password yet again. A stash of more than 560 million login credentials has been found, and this includes email IDs and passwords stolen from ten popular websites.
This data trove was found first by researchers from Kromtech Security Center, who later ran it by Web security expert Troy Hunt for verification. Gizmodo reports that Kromtech researcher Bob Diachenko has confirmed that the dataset includes 243.6 million unique email addresses. These email addresses and passwords are compiled through previous breaches at MySpace, Adobe, Neopets, LinkedIn, DropBox, Tumblr, LastFM, Badoo, Lifeboat, and MySpace among others.
The researcher claims that the database is almost 75GB in size, and contains data structured in readable JSON format. As is with many leaks, the identity of the person who owns this database is not known, but the Kromtech guys are calling him ‘Eddie’ after a user profile discovered on the storage device.
“The database in question is hosted on a cloud-based IP, and it is unclear who actually owns it. We sent notification email to the hosting provider, but usually it is not the quickest way to shut it down. After a series of ‘ransomware’ attacks targeted on MongoDBs left without authorisation in the beginning of this year, I was not sure if somebody still uses early versions of Mongo where default configuration is possible. It appears that ‘Eddie’ did,” Diachenko explains on MacKeeperSecurity.
Looking at the sheer volume of database, it’s most likely that your email id may have been compromised. You may head over to Have I Been Pwned to ascertain if your email ID is secure or not, but even if it is, we recommend you to change your passwords anyway.