SecureAuth Named a Leader in KuppingerCole Leadership Compass Report for Customer Identity and Access Management

Almost 22 Million More Passwords Leaked

Dr. Abdulrahman Kaitoua
February 11, 2019

Get the latest from the SecureAuth Blog

Size matters. You have heard this with respect to many things in the physical world, from skyscrapers (Burj Khalifia at 2,717 ft high) to paintings (by Ðuka Siroglavic at 116,000 sq. ft.) to sculptures (Fiori di Como at 2,000 sq. ft.) to dominoes being toppled at a single time (500,000 according to Guiness World Records). It appears that now new size records are being broken by cyber criminals as well with the recent Collection #1 announcement.

Collection #1 Data Breach

If you follow cyber braches and IT Security news, then you should be aware that the largest public data breach (by volume) has been dubbed Collection #1. This breach is responsible for772,904,991 unique emails and 21,222,975 unique passwords being exposed. A Mashable article titled “Nearly 22 million unique passwords leaked in in ‘Collection #1’ data breach” reported:

“More than 87GB of passwords and email addresses have been leaked and distributed in a folder dubbed “Collection #1” by hackers in a significant data breach. As detailed by security researcher Troy Hunt, the trove of nearly 22 million unique passwords and more than 772 million email addresses was hosted on cloud storage service MEGA. The link to the dump was posted on a hacking forum but has been since taken down from the service.”

The article goes on to explain how Collection #1 was built:

“Hunt explains the cache of emails and passwords were built up from numerous data breaches from allegedly thousands of sources, dating all the way back to 2008.  He came across the collection of files after he was alerted by “multiple people” last week, and discovered the breach even includes an email address and password he used years ago.”

Every Credential Has Been, Or Will Be Stolen

There was a time where dozens of stolen passwords or digital credentials would send paralyzing fear into the hearts of IT Security professionals as they, better than most, understand that it only takes just one to access sensitive data and extort $millions.

Unfortunately, recent headlines announcing 500 million and now even more at 773 million credentials stolen signal a new level of “normal on the war against cyber criminals. We have to start with the assumption that every credential has been stolen, even those not yet created in order to establish a new paradigm for truly safe identity authentication.

Eliminate Passwords Altogether 

Acceptto believes that your identity cannot simply be based on a password or a one-time token or only your biometrics. Your immutable identity is a combination of your physical behaviors, attributes and Digital DNA. We believe passwords are no longer relevant and that what you need is a way to immutably authenticate someone in order to be truly secure and compliant.

We call it Continuous Cognitive Authentication. You can eliminate preventable harm with our Biobehavioral AIML technology that enables frictionless authentication, prevents credentials stuffing instantaneously, ensures your true immutable identity continuously, and dramatically reduces risk, likelihood of fraud and cost of helpdesk operations without the guesswork or latency.

Acceptto is a transformative multi-factor authentication technology that delivers continuous identity protection and peace of mind in an age where passwords are ineffective and identity authentication is mission critical.

See for yourself what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy, especially for your PCI compliance requirements. Register for a free trial today.


Related Stories

Pin It on Pinterest

Share This