You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Have you changed your passwords lately? Perhaps you should, or better yet, consider using a password manager. That's the advice of security researcher Troy Hunt who recently spied the largest-ever collection of compromised accounts.
"Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). The collection totaled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialized," Hunt stated in a blog post.
Hunt took it upon himself to sort through nearly 2.7 billion rows of email addresses and passwords, which included "some junk because hackers...don't always neatly format their data dumps into an easily consumable fashion." Nevertheless, he found a staggering number of unique email addresses—nearly 773 million of them, along with over 21 million unique passwords.
To be clear, this is not the result of a single data breach. The collection of data comprises "many different individual data breaches from literally thousands of different sources." Nefarious data dumps are not uncommon, sadly, but never before has anyone seen one as massive as what Hunt has labeled "Collection #1."
It's likely that not all of the data is accurate, and much of it might even be outdated. Hunt says the process of verifying data breaches is "often a non-trivial exercise." However, he also said he recognized many breaches in that list that he knows to be legitimate, including ones containing his own personal data.
"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago. Like many of you reading this, I've been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public," Hunt said.
Hunt runs the "have i been pwned?" website where users can input their email address to see if it is known to have been compromised, and if so, in which data breach(es). The site doesn't store any passwords, though he has added a similar tool that lets you input a password to see if it too has been compromised.
Hunt's big takeaway from all this is that it reinforces the notion that people should be using a password manager.
"You have too many passwords to remember, you know they're not meant to be predictable and you also know they're not meant to be reused across different services. If you're in this breach and not already using a dedicated password manager, the best thing you can do right now is go out and get one," Hunt added.
Hunt himself uses 1Password, though there are other options, notably LastPass. Barring a password manager, Hunt recommends going old school and writing down passwords in a notebook.
"It might be contrary to traditional thinking, but writing unique passwords down in a book and keeping them inside your physically locked house is a damn sight better than reusing the same one all over the web," Hunt said.
