An unknown individual has compiled a huge online dataset comprised of approximately 560 million email addresses and their corresponding credentials, over 243 million of which are unique, according to Kromtech Security Research Center.
Most or perhaps all of the credentials have been leaked before, only now they have been gathered into a massive combo list, Kromtech reported in a blog post this week. Over 75 gigabytes in size, the database consists of data stolen from LinkedIn, Dropbox, Lastfm, MySpace, Adobe, Neopets, RiverCityMedia, 000webhost, Tumblr, Badoo, Lifeboat and other services.
"The lesson here is simple: most likely, your password is already there and somebody might be trying to use this just now. So isn't that a good time to change it now?" wrote blog post author Bob Diachenko, chief communication officer at Germany-based Kromtech, which is owns the MacKeeper computer security software brand.
In his blog post, Diachenko stated that he showed the data set to security researcher Troy Hunt, founder of the "Have I been pwned?" data breach website, who was able to identify the exact number of unique entries.
According to Kromtech, the database is hosted on a cloud-based IP, but it is not known who owns it. The research center has reportedly reported the site to its hosting provider in hopes of shutting it down.
On his own website, Hunt's number-one breach is another combo list of previously leaked credentials, referred to as Exploit.In. This list consists of over 593 million stolen credentials stolen, which were widely circulated and used for credential stuffing, meaning attackers attempt to find other websites where account owners may have reused the same stolen passwords.
"The fact that this data has been collected and compiled into a single database hints at one thing and one thing only: malicious actors are still attempting to leverage these credentials to gain access," said RJ Gazarek, product manager at Thycotic, in emailed comments. "Putting all of the compromised credentials into a single database allows for a single malicious application to quickly run through that database and attempt to try that email and password combination, not only at the site it was compromised, but also at other popular sites."