The massive data breach has been detected by Troy Hunt, who is a security researcher. Hunt operates a website called Have I Been Pwned. The site enables users to check if your email has been compromised in a data breach, and this facility has been put to good use recently in the wake of the major hack.
Hunt reports that a large file consisting of 12,000 separate files and totaling 87 GB of data had been uploaded to MEGA, which is a commonly used cloud service. The data was then posted into a hacking forum and, from analysis, the post appears to be an amalgam of in excess of 2,000 databases.
Speaking with Wired, Hunt said: “It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There’s no obvious patterns, just maximum exposure.”
According to Gizmodo, the databases contain “dehashed” passwords. This infers that methods used to encrypt passwords into unreadable strings has been smashed leading to the passwords becoming fully exposed. The implication from this is that not only are emails made available but also user passwords, giving hackers an easy way into systems or to impersonate people.
In short, anyone affected by the hack could have the information found within it used against them. More troubling, anyone who has used the Internet in the last decade could be one of those affected. For those concerned, Hunt’s website HaveIBeenPwned.com is offering an email alert scan and alert service.
In related news, Quora recently announced that a third-party was able to gain access to virtually every data point the company keeps on 100 million users. This exposes a considerable volume of person information about users of the question and answer website.