Originally posted on 17th of January 2019 By: Gunny Waffle of the Star Warrior's Server Mod Team
Normally, the mod team does not echo reports on email/password dumps. We have very good reasons that I will get to in a moment. However, since over a dozen people have DM'd us in one day, I am writing you this report. My goal is to educate you on the subject and to release the tension and worry.
Today, the world's largest known dump of email accounts, passwords, and logins hit the internet. It is being called "Collection #1" after its root file path. That sounds terrifying, but it really is not and here is why.
What people are claiming:
- Google, Yahoo, and Hotmail leaked user account credentials.
- 773 million people lost their logins to a hacker.
- If you don't spread this information you are endangering others.
What is actually the case:
- There were no leaks.
- That number, while accurate, is wrong in that context. When the dump was analyzed, the number shrank much further, to below 22 million.
- This happens daily, and it was just a big one today.
That probably is not enough to clarify things, so let me explain it further.
These dumps are commonplace. More often than not, a dump is an old dump with new data appended to it. It is how data is kept alive despite being deleted by the hosting site. In this case the appended data was big, but new data happens all the time regardless. The size of this new dump pales in comparison to the total size of all dumps in the past few years.
You can use this security website to check if your email OR password has ever been found in one of these dumps. Go ahead and check.
My email has been found in 10 breaches and 2 dumps. I am still hack-free and have access to all my accounts. My password registers as safe despite this.
I'm even listed as being in "Collection #1", which is still unverified as a real breach (like other breaches years ago). https://haveibeenpwned.com/
So in short, you are 99.9% safe. The 00.1% is if you get randomly picked AND the data is correct AND you have no 2FA AND your service does not block unusual access AND your service does not require you to change your login.
That is so slim. So impossibly slim that the hackers need 100s of millions of users' info to even have a chance at using it.
So don't panic, and change your password if you are listed as "pwned" in "Collection #1" by that website I linked earlier. Easy peasy, you just eliminated a 00.1% chance of being hacked.
We don't echo events like this because it just causes anxiety, worry, panic, and confusion. If there was a genuine risk, your service (like Google) would notify you.
This is also why we ask that people go to mods first before spreading news like this. We understand that the rule is flaky, so we are re-writing it soon, my apologies.
You can read the reporting post here: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
As always, we are open to questions and will append with a FAQ if necessary.
Enjoy your night!
- Star Warrior's Server Mod Team