with the release of a file containing over 773 million unique email addresses and over 22 million unique passwords. The passwords were harvested from hundreds of hacks and breaches at websites and online services across the world and compiled into a file titled 'Collection #1' that was then released to the public.
In retrospect, that name should have given us a clue that there were more breaches to come. Now hackers have released Collection #2, 3, 4, and 5 to the public, which contains a total of 2.2 billion unique sets of usernames and passwords harvested from online services. The breach was first reported by
German tech website Heise Online and was
confirmed today by Wired UK with comment from Germany's Hasso Plattner Institute and cybersecurity firm Phosphorus.
This breach is sure to have caught the attention of Cybersecurity expert Troy Hunt who brought the Collection #1 breach to our attention earlier this month, but with over 845GB of data stored in 12,000 files and totalling over 25 billion records, it may be some time before the password records are incorporated into his "Have I Been Pwned?" service. You can
enter your email address into his website to get a notification every time it's found in a major data breach, and use his service to check your individual passwords.
The advice for users to secure their passwords remains the same as ever: Generate completely unique and truly random passwords for each website you use, and use a password manager service to remember them and fill in login forms. Never use the same password on more than one website, even if you make small changes depending on the website. The only secure password is one you can't remember.