'Collection #1' data breach is just the beginning, cyber security experts warn

'This is a start of something far more significant than anything we have seen before'

Andrew Griffin
Friday 18 January 2019 07:58 EST
A person sits in front of a computer screen in Moers, Germany, 04 January 2019 (EPA/SASCHA STEINBACH)


The vast data breach that might be the biggest ever posted on the internet is just the beginning, cyber security experts have warned.

The trove of sensitive information known as Collection #1 was published to the internet this week, allowing anyone to download a collection of hundreds of millions of email addresses and passwords. They are likely to be used for years, as hackers attempt to break into people's personal accounts.

But there are a host of similar collections being passed around the web, many of which are far bigger than the collection that arrived this week, researchers say.

Cyber security journalist Brian Krebs reported that he had spoken to someone selling the collection, and that it is just one part of a numbered series that, taken together, dwarfs the initial data breach that has been posted publicly.

Collection #1 is roughly 87GB in size. Altogether, the whole collection totals more than ten times that, and the same seller seems to have seven collections, one of which is more than 500GB by itself.

Experts said that those hacks were just the beginning, and that further email addresses and logins were likely to be discovered.

"This is a start of something far more significant than anything we have seen before," said Jake Moore, cyber security specialist at ESET. "Hackers are becoming even more sophisticated and, hopefully, this is a massive wake-up call to anyone with an email address."

Data breaches like Collection #1 are generally bought by hackers relatively cheaply, so they can be used in a variety of cyber attacks. Chief among them is an activity known as credential stuffing, where the logins are plugged into a wide variety of services in a fast and automated way, in the hope of finding websites where people have re-used the stolen emails and passwords.

Security experts advise people to use different passwords and change them regularly, so that stolen passwords cannot be used. Those can be stored by a password manager, of the kind now built into Apple's iOS and MacOS.
