Troy Hunt, the security researcher behind the HaveIBeenPwned website has added a massive list of compromised email addresses and passwords to his database.
The data set, called “Collection #1” has been circulating in some shady parts of the internet and includes 772.9 million email addresses and 21.2 million passwords — which have been dehashed (meaning they’re in plain text).
Much of this data was actually already available, but there do seem to be a substantial number of new email addresses and passwords in the list, so it’s probably a good time to check and see if your data has been involve in any known data breaches — and then change your passwords for all affected services.
Hunt offers two secure tools that can help: HaveIBeenPwned lets you search by email address to see what known data breaches your address has been involved in, while the Pwned Passwords tool lets you search by password (but doesn’t tell you which sites/services have been compromised).
You can also find a list of all the sites associated with Collection #1 if you want to search by name.
All told, the latest news is yet another reminder that odds are your data is going to get leaked sooner or later (and probably repeatedly). So the best thing you can do to minimize the risk is to use different passwords for every account you have, and enable multi-factor authentication whenever possible.
Of course, you probably have dozens or hundreds of different accounts… so you’re probably going to want to use a password manager so you don’t have to remember all those different logins.