Security researcher Troy Hunt, who runs the service Have I Been Pwned, has discovered almost 773m unique email addresses and around 22m unique passwords hosted on Kim Dot Com’s cloud service MEGA.
In a blog post, he revealed that the collection contained over 12,000 separate files and more than 87GB of data.
The data, which Hunt refers to as Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows on a spreadsheet that has allegedly come from numerous sources.
Hunt provided more details on his discovery in his blog post, saying:
What I can say is that my own personal data is in there and it’s accurate; right email address and a password I used many years ago. In short, if you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.”
Some of the passwords included in the dataset have been dehashed and appear as plain text in the files including Hunt’s own password.
He first began investigating the data stored on MEGA when multiple people reached out to him and Collection #1 was also discussed on a hacking forum.
As of now, the collection has been removed from the cloud service but the passwords and email addresses stored within it are likely still floating around on the internet.
Hunt’s service Have I Been Pwned is an excellent resource to see if you or your family’s passwords have been leaked online.
- We’ve also highlighted the best VPN to help protect your privacy online