Agilient Security Consultants Australia


The “Collection” Mega Data Leak – Are You Affected and What Can You Do?


A couple of weeks ago, word of a monolithic data leak began circulating on various hacker forums. Security researcher Troy Hunt first reported the leak after he too heard rumours and was directed to a source on the popular file-sharing site MEGA. The data has since been removed from the site.

The leak, known as “Collection #1”, is a collection of leaked credentials from thousands of individual security breaches that have occurred over the last few years. The data includes hundreds of millions of unique email addresses and passwords, both hashed and unhashed. Collection #1 by itself is one of the largest data leaks in history.

However, in the last week or so, it has been discovered that there are more “collections”, namely Collections #2 through to #5. Collections #2 to #5 were found for sale on the dark web and included three times as much unique data as Collection #1. These ‘sequel’ leaks have brought the total number of unique email addresses and passwords to an astonishing 2.19 billion.

Who was affected?

At this scale, you can be almost certain that if you use a particular email address for a number of accounts, it has been leaked. If you only use your email address for email and a few popular social media sites, then you may be unaffected.

Collections #2 to #5 include data from the Yahoo!, LinkedIn and Dropbox data breaches that occurred some years ago. As mentioned previously, the majority of the ‘Collection’ also includes data from thousands of smaller data breaches that have occurred over the last few years.

Security researcher Troy Hunt, who first brought Collection #1 to light, created and maintains ‘Have I Been Pwned?’, an excellent site for determining whether or not your email addresses or passwords have been compromised. The site allows you to input your email address or password (don’t worry, it’s safe – your password is hashed client-side), and it will alert you if either one has been seen in a data leak.

What can you do?

Our first recommendation would be to input your email address into the Have I Been Pwned website. It can be difficult to find out which accounts exactly have been compromised. If you use one or a few passwords for all of your accounts, you should update them across your primary accounts to be safe.

Ideally, if you haven’t already, we highly recommend that you take the time and start using a password manager such as LastPass, Dashlane or 1Password. This will enable you to have unique passwords for every account without having to remember them all; you only have to remember one strong password. These password managers will also alert you when your accounts have been involved in a breach, and for many popular services the manager can even automatically change your password for you.

Password managers can be used enterprise-wide to ensure that password security within an organisation is strong and maintained, as the password security for all employees can be managed by IT or security personnel. All of the major password managers offer business features and pricing.

It is also a good idea to notify friends and family that their passwords may have been compromised and to perhaps educate them on good password security habits. It is very likely that such password leaks will become more prevalent in the future.

Agilient specialises in educating organisations on best security practice and how to improve security habits. If you’d like to know more about how we can help your organisation, contact us today.


Author: Jack Schofield, Agilient Consultant

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692