Is someone spying on you? Check your email now

Old hacks strike again: Data from 2.2B accounts lands on the dark web

More than 600 gigabytes of hacked accounts from years ago have been compiled and are free to download.

Billions of hacked passwords and usernames from the last decade have come together in a convenient download for anyone who can find it on the dark web.

More than 2.2 billion usernames and passwords have been compiled and laid out for hackers to use, according to researchers from the Hasso Plattner Institute in Germany.

The compiled data doesn’t come from any fresh breaches: Much of the information was accumulated in hacks like LinkedIn’s 100 million breached accounts and Dropbox’s 68 million stolen credentials, both of which happened in 2012. While this stolen data has been available for years, the massive collection conveniently puts it all in one download for people to use.

Researchers are referring to all that as Collection #2 through Collection #5, and it’s one of the largest compilations of stolen credentials in history. It follows the 773 million email addresses released in Collection #1 earlier in January.  

Data breaches are a painful reality of the digital era, with billions of people’s personal and confidential information at stake. That’s drawn the attention of lawmakers, who are considering ways to punish multimillion-dollar companies that can’t protect people’s private data.

Compiling data from old breaches could be a startling new trend for cybercriminals, said Emily Wilson, vice president of research at security firm Terbium Labs.

“Data from thousands of breaches, big and small, is floating around on the dark web on any given day,” she said. “There’s nothing stopping an enterprising criminal from gathering the data together, packaging it and remarketing it — especially when they can turn a profit.”

In the first collection, stolen credentials come from breaches as far back as 2008, sourced from more than 2,000 different hacked websites. The rest of the set, which weighs in at more than 600GB, includes data from hacks that hit MySpace and Adobe in 2013.   

Stolen credentials, especially on this scale, can be extremely valuable, but they’ve popped up for free on the dark web and hacker forums over the last month. Some entrepreneurial hackers have chosen to charge for the stolen data, despite its age.

“These collections contain enough credential sets that some percentage are bound to still be valid, and they’re directly in the line of sight for the criminal community,” Wilson said. “Even accounts that have since undergone a password change are still at risk: email addresses are appetizing targets for phishing attacks, and regular password reuse across multiple platforms means that even if the exposed account has undergone a password change, there may be plenty of other accounts still using that same compromised password.”

While the stolen information is old, hackers are betting that a small percentage of people in the data dump never changed their credentials, or are still using the same passwords years later.

If even just one-tenth of 1 percent of people in the massive leak still use the same passwords, that’s 2.2 million accounts that hackers could potentially access. Considering that 45 percent of people would keep the same password after a breach, according to a LastPass survey, the odds are in the attackers’ favor.

The massive amount of stolen data is most useful for credential stuffing, a technique in which bots flood multiple services with the same set of login information as quickly as possible.

If someone uses the same username and password for their hacked account on LinkedIn that they do for their bank accounts, for example, it could be an opening for credential stuffers to exploit.

You can check if you were affected by the massive data set with the HPI’s search tool. Even if you weren’t affected, you should consider changing your outdated passwords, or using a password manager.


With the HPI Identity Leak Checker, it is possible to check whether your email address, along with other personal data (e.g. telephone number, date of birth or address), has been made public on the Internet where it can be misused for malicious purposes.


Finansiële Nuus

News24 Business | Why your business should not be your retirement plan

Small business owners should not rely solely on their businesses to generate a retirement income. [Read More]

News24 Business | What benefits does my medical scheme offer for mental health?

Medical schemes are obliged to offer all members certain mental health benefits, but if your condition is not one of those listed, more comprehensive and expensive options typically provide the best benefits. [Read More]

News24 Business | Medical aid members are paying 25% to 30% more than they should due to NHI limbo

In a long wait for National Health Insurance, medical scheme healthcare reform is in limbo, resulting in members paying 25 to 30 percent more for membership than they could be. [Read More]

News24 Business | Buying a car? Here's a handy financial check list

Whether you need a car to feel safe or to feel fabulous, or just to get from A to B, choosing carefully will potentially save you a lot of money and many regrets. [Read More]

News24 Business | OPINION | Stressed about money? It may be time to change your thinking

Most of us struggle to use money in a way that serves us well. But you can learn to use it as a tool that can serve you well, writes Marguerite Engelbrecht. [Read More]

Business Tech

Ramaphosa addressed the nation for the last time before the 2024 elections, praising his administration's accomplishments over the past five years.
These are the professions that offer the salaries needed to afford some of the most expensive private schools in South Africa.
South African motorists have endured tremendous pain at the pumps with large petrol and diesel price increases.
Water supply constraints has seen over a third of households faced water interruptions in the past year, with some provinces seeing rates much higher.
South Africa may still be facing some challenges, but the mood in the country is substantially more optimistic.