New data incident: 2.2 billion online accounts affected

Threat Alert

After the recent incident where it was revealed that millions of hacked email addresses and passwords were circulating on Internet forums under the name “Collection #1”, the remaining parts “Collection #2 – #5” have now surfaced.

What happened?

As the name Collection #1 suggested, there are apparently other parts besides this data set with 21,222,975 passwords and 772,904,991 e-mail addresses. The Hasso Plattner Institute announced today that it has processed the Collection #1 dataset and the remaining parts #2 – #5 and incorporated them into its “Identity Leak Checker” service.

2.2 billion email addresses with passwords comprise the data collections. The user information contained therein was stolen, compiled and posted on the Internet at unknown times. Some of the information stems from already known security incidents. In spite of everything, it is worthwhile to be safe and check your own e-mail address again.

A security expert, who prepared the data set Collection #1, suspects that this part was intended for so-called “credential stuffing”. This is the automated use of discovered username and password combinations. This makes it possible to gain access to user accounts and, if necessary, to take them over completely.