Billions of passwords were exposed in the historic leak (Picture: Getty)
An estimated 1,300,000,000 passwords and 2,000 email addresses have been leaked online in a historic breach.
Have I Been Pwned (HIBP),which notifies internet users if their information has been breached,said cybercriminals are behind the massive leak.
Metro has confirmed that Gmail,Hotmail,Outlook and Yahoo emails are included in the leak.
Troy Hunt,chief executive of HIBP,has warned that anyone in the leak should change their passwords immediately as a precaution.
He added: ‘This corpus is nearly three times the size of the previous largest breach we have ever loaded.’
Some 625,000 of the passwords had never been detected before during a breach,he said.
‘I hate hyperbolic news headlines about data breaches,but for the “2 Billion Email Addresses” headline to be hyperbolic,it’d need to be exaggerated or overstated – and it isn’t,’ he added.
Hotmail accounts are included in the breach (Picture: Have I Been Pwned)
Anyone affected has been urged to change their passwords as a precaution (Picture: Getty)
Those affected are able to see if their passwords and emails are included by using HIBP’s free service.
How often should I change my passwords after a breach like this?
Breaches like this are worrying,but as long as you keep your passwords safe and update them to a secure password after a breach,you shouldn’t have to change them often.
Strong passwords consist of not using any personal information – such as your name and address – or common songs and pop culture references.
Take advantage of things you have memorised that not many people would know. This might be weird sentences and math combinations,or even memorable punctuation can help your password be stronger.
How to see if your information was leaked
You can check whether the details for any accounts you might have were shared in the data breaches collated by Have I Been Pwned.To do so,navigate to their website and enter your email address.This will not only show whether the email account itself was compromised but also any website or app accounts created using that email address.The compromised details can include email addresses,passwords and other details such as your name and locations linked to the account.To check whether any breaches linked to your account showed up in stealer logs specifically,you can create a Have I Been Pwned account here,after which you’ll be directed to a dashboard.On this dashboard,navigate to ‘Stealer Logs’ and any instances where your email addresses were recorded in a stealer log will be displayed.You can also see if a given password has appeared in a data breach using Pwned Passwords, although details about the leaks are not shown.
What types of malware are commonly used to steal login information?
Spyware and keyloggers,which record a user’s keystrokes,are the most common malware used to steal data.But most hacks are from cybercriminals,who use a combination of methods to steal information.The recent attack comes less than a month after an additional 183,000 account details were breached by cybercriminals.The massive trove of data was originally leaked from computers infected with a type of malware called infostealers,which scan systems for stored cookies and credentials to find out the email address and password used to log into a website.Chunks of this data – known as ‘stealer logs’ – were leaked online,ending up on easily-accessible platforms such as Telegram, social media sites and web forums.
