Security researchers have discovered a new collection of databases containing 2.2 billion unique usernames and passwords freely distributed in hacker forums and torrents.
Earlier security researcher Troy Hunt discovered the first set of databases named collection #1 containing 773 million unique username and passwords
Now researchers have discovered the remaining databases named Collections #2–5
Containing 845 gigabytes of stolen data and 25 billion records in total.
According to security researcher Chris Rouland, the collection has already circulated widely among hacker underground forums.
The tracker file Rouland downloaded was being seeded by more than 130 people and has already been downloaded more than 1000 times.
“It’s an unprecedented amount of information and credentials that will eventually get out into the public domain,” said Chris Rouland.
Most of the stolen data appear to be from previous breaches like Yahoo, Dropbox and LinkedIn.
According to Wired who analysed the sample of data, the credentials are valid and appears to passwords from two-year-old leaks.
Security researchers at Recorded Future,cyber-security firm claims to have discovered the hacker behind the database collections. The hacker who goes by the online name “C0rpz” is the person who collected and sold the massive collection of email address and passwords.
Users can check whether credentials have been compromised or not by visiting Have I Been Pwned website.
You may be interested in reading:Blur Data Breach Potentially Exposed Data of 2.4 Million Users