Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
News18 » Tech
2-min read

The Biggest Data Breach of All Time: 773 Million Email Addresses And 21 Million Passwords Exposed

The unique email addresses totalled 772,904,991 and there are 21,222,975 unique passwords.

Vishal Mathur | @vishalmathur85

Updated:January 18, 2019, 9:28 AM IST
The Biggest Data Breach of All Time: 773 Million Email Addresses And 21 Million Passwords Exposed
The unique email addresses totalled 772,904,991 and there are 21,222,975 unique passwords (Image: Troy Hunt)

It may be time to change all your passwords. If you thought Facebook leaking your data to a third party was bad, wait till you hear this. As many as 772,904,991 unique email addresses and over 21 million unique passwords have been leaked online. This specific data dump, called as "Collection #1," is an aggregation of multiple leaked databases that include passwords that have been cracked and holds within itself 2.7 billion records.

The data set was first reported by security researcher Troy Hunt, who run the Have I Been Pwned website. This website lets you confirm if your email address or password have been compromised by a breach at any point of time. Hunt, in a blog post confirms, “the unique email addresses totalled 772,904,991 and there are 21,222,975 unique passwords.”

The Collection #1 is over 87GB worth of data, and contains over 12,000 separate files. As it turns out, this data leak was posted on the cloud based sharing website, Mega. Hunt refers to Mega as a “hacking forum” and clarifies that this data seems to have been taken down since.

The way logins on most websites work is that these websites themselves don't store your password. However, what they instead store is a "hash" of your password, which emerges after a complex mathematical calculation that spits out a long string of numbers and letters instead. The next time you log in using the same credentials on the website, and type in the password, the authentication process runs the password through the same calculations, and if the created hash matches the original one, you are allowed to access your account. The latest breach clearly suggests that these hashes, let us say a protective layer for your passwords, has been safely cracked. The hackers have collected and presented your passwords in plain text form in this Collection #1 dump.

Now, how do you find if your email has been impacted?

Hunt has loaded the data into Have I Been Pwned. What you need to do is head to this website, and type in your email address to know if your account has been compromised, and if yes, how many previous breaches it has been a part of. The additional data also tells you exactly how much of your data was revealed in each of the breaches—email address, password, user name, IP addresses, geographic location, government issued ID documents, phone number, physical address and more.

Have I Been Pwned

Secondly you can head to Have I Been Pwned’s companion platform called Pwned Passwords, and type in any password combination that you use to see if that particular combination has ever been leaked in any of the previous data breaches.

The sheer scale and size of Collection #1 and what it reveals is huge. This is one of the largest data breaches in the history of the world wide web, if not the biggest. It is worrying to note that this entire collection was available in the public domain, on the world wide web, for a significant period of time. Till Mega took it down, that is.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Read full article
Next Story
Next Story

Also Watch


Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results