A new trove of data that had been shared on the cloud service MEGA included roughly 773 million sets of email addresses and passwords, apparently stolen amid numerous earlier data breaches, security researcher Troy Hunt wrote in a blog post Thursday.
The dataset, known simply as “Collection #1,” included more than 87 gigabytes of data, spanning more than 12,000 files in a variety of formats, Hunt writes. It’s since been removed from MEGA, but it’s believed to have been posted for use in so-called credential stuffing attacks, where hackers will try to use leaked usernames and passwords from one site on other popular digital services in the hopes that people have reused their passwords.
The passwords are stored in plain text, meaning anyone who has a copy of Collection #1 can read them or use a bot to automate trying them on different sites.
If you’re curious whether your email address is included in the collection, or other known data dumps, you can check at Hunt’s website haveibeenpwned.com. If you find your address, you may want to consider resetting your passwords at various services. For security reasons, Hunt doesn’t disclose the passwords found with any email address, even to the address’s owner.
Since credential stuffing attacks are pretty prevalent, it’s best to avoid reusing passwords from site to site. A password manager can help you generate random secure passwords and store them securely on your devices.