You can check if your account or password has been breached through sites like Have I Been Pwned
Data breaches are unfortunately something we seem to be constantly straddled with lately. And one of the ones that are being reported now isn’t something to scoff at either. So, we’re just here to remind you to change passwords, don’t use the same password for different accounts, enable multifactor authentication where available, and think of finally getting a password manager, or better ways to come up with a password (this is a good podcast episode to listen to). It’s been called the “Collection #1” breach and considered the largest public data breach by volume. It’s said to have hit 772,904,991 unique emails and 21,222,975 unique passwords. Have I Been Pwned’s Troy Hunt reported about the breach. He says a large file of 12,000 separate files and 87GB of data were uploaded to cloud service MEGA, and this information was later posted to a popular hacking forum. The data is said to be an amalgamation of over 2,000 databases, and that this database contains “dehashed” passwords. This means the methods used to scramble passwords into unreadable strings has been cracked and the passwords are exposed. So, again, if you’re affected, it’s better to change those passwords now. Or if you aren’t but haven’t updated your passwords in a while, we suggest you do that now.
Unfortunately, it doesn’t end there. According to security reporter Brian Krebs, Collection #1 is a single offering from a seller who claims to have at least six more batches of data. And Krebs writes that this person is selling “almost 1 Terabyte of stolen and hacked passwords.” And this breach is at least two to three years old. But while it’s old, it doesn’t exactly mean it couldn’t still be used for malicious means.
Source: Gizmodo