'Collection #1' data breach is just the beginning, cyber security experts warn

'This is a start of something far more significant than anything we have seen before'

Andrew Griffin
Friday 18 January 2019 12:58 GMT
Comments
A person sits in front of a computer screen in Moers, Germany, 04 January 2019
A person sits in front of a computer screen in Moers, Germany, 04 January 2019 (EPA/SASCHA STEINBACH)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

The vast data breach that might be the biggest ever posted on the internet is just the beginning, cyber security experts have warned.

The trove of sensitive information known as Collection #1 was published to the internet this week, allowing anyone to download a collection of hundreds of millions of email addresses and passwords. They are likely to be used for years, as hackers attempt to break into people's personal acounts.

But there are a host of similar collections being passed around the web, many of which are far bigger than the collection that arrived this week, researchers say.

Cyber security journalist Brian Krebs reported that he had spoken to someone selling the collection, and that it is just one part of a numbered series that taken together dwarfs the initial data breach that has been posted publicly.

Collection #1 is roughly 87GB in size. Altogether, the whole collection totals more than ten times that, and the same seller seems to have seven collections one of which is more than 500GB even by itself.

Experts said that those hacks were just the beginning, and that further email addresses and logins were likely to be discovered.

“This is a start of something far more significant than anything we have seen before," said Jake Moore, cyber security specialist at ESET. "Hackers are becoming even more sophisticated and, hopefully, this is a massive wake-up call to anyone with an email address."

Data breaches like Collection #1 are generally bought by hackers relatively cheaply, so they can be used in a variety of cyber attacks. Chief among them is an activity known as credential stuffing, where the logins are plugged into a wide variety of services in a fast and automated way, in the hope of finding websites where people have re-used the stolen emails and passwords.

Security experts advise people to use different passwords and change them regularly, so that stolen passwords cannot be used. Those can be stored by a password manager, of the kind now built into Apple's iOS and MacOS.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in