“Mega-Cyber-attack” and “Mega-Hack”: Such terms you just read often in the context of the data publications of the “0rbit”. The leaked information, such as addresses, phone numbers or Chat messages belong to more than a thousand politicians, Celebrities and web stars – because some of the editor seemed to be the “Mega” is probably appropriate.

On Wednesday evening, a message made the round in which terms such as “huge,” “gigantic,” or “Mega” is much more reasonable. In one Hacker Forum, it was made on a Cloud-platform Mega the published record to the attention of, the now, for example, the Tech magazine “Wired” as a “Monster-Breach” introduces, as a Monster vulnerability.

The platform-Mega has taken the record now offline, it by, among other things, the Australian security researcher Troy Hunt, who works for Microsoft could look but. Hunt reported on its Website that it is home to over 1.16 billion combinations of E-Mail addresses and passwords. Of these, 772 million E-Mail addresses and 21 million passwords appear to be only a single Time. It is, therefore, not only default passwords like “12345”.

One could say also: Who gets the data set in the Finger, gets potentially millions of ideas of how he could take over Accounts from Internet users.

87 gigabytes, 12.000 files

How current is the total of 87 gigabytes of data, and thus the contained E-Mail addresses and passwords are, is unclear. The access data collection researchers Hunt, 12,000 files. In your home directory, he came across the term “Collection #1” that he used for the designation of the Leaks.

where the data is coming in Single, don’t know Troy Hunter, he is not sure, however, that it is only the prey of various Hacks (which connects the Leak with the case, “0rbit”). The data set put together from many different data leaks, writes Hunt, “in the truest sense of the word, Thousands of different sources”.

One or more hackers could have collected the information from numerous third-party data Leaks and re-put it together, possibly with a bit of extra work: Hunt, passwords are in the data set part, namely, in plain text, the veiled services, originally, have been so converted, via a so-called Hash function in a random-looking sequence of characters.

Whether or not the data are affected via an Online Tool called “Have I Been Pwned” to find out that Troy Hunt himself. Typing in his E-Mail address, gets feedback as to whether you had steels, a part of one of many well-known data thief. Also, the 772 million E-Mail addresses from the “Collection #1” are already taken into account. Some of the data were already previously found, at least 140 million E-Mail addresses and tens of millions of passwords were, however, also hunt’s Service as yet, unknown.

Not every outcome will help immediately

Usually, you should be at all affected by a known Leak, reveals hunt’s Service a right, specifically, the context in which the own E-Mail address showed up. Then it roughly means: In case of a Hack at Dropbox, your Mail have been tapped-address and the associated password. The password itself is not called on hunt’s Website.

In the “Collection #1” is the procedure more complicated, the service can give you the feedback, whether or not the E-Mail address is in some Form part of the record. The resolution, in what context, exactly, is missing. This can be explained that Hunt was not able to assign the data from the “Collection #1” is always clearly defined sources. to create

evaluation of an E-Mail address

This clarity, it can help users a sub-function of the service, by entering specific passwords to check whether they are in a from the Online Tool detected Leaks showed up. This is the case, you should use the appropriate password to the best anywhere.

Circulating the data to their Account on the network, it can be quite a Problem, not only because – the data should be up to date – someone logging in to the accounts and, therefore, his mischief could drive. Also Online Erpesser make use of information from data leaks, for example, for the target person customized E-mail messages, with addresses such as “I know that your password is dsakljk”.

More the risk of data Leaks and to the great disadvantage of that is that there are services such as “Have I been pwned”, read here. Ten General tips for more security in the network can be found here. Reading tip on the topic of DPA Old data leaks: MySpace-passwords as a template for hackers


Sam Yoon has many years of experiences in journalism. He has covered such areas as information technology, science, sports and politics. Yoon can be reached at 82-2-6956-6698.