The Australian Cyber Security Centre (ACSC) has issued a warning to consumers and businesses to change their usernames and passwords following a data dump of stolen credentials on the dark web.
ACSC said it was aware that the so-called Collection #1 data dump of stolen credentials had been followed by the release of Collections #2, #3, #4 and #5.
“All five collections add up to one terabyte in size with 100 billion records in total,” the ACSC said.
“The lists include combinations of a large number of user credentials, including usernames and both hashed and plaintext passwords,” it said.
“Unlike other data breaches, this breach cannot be tied down to one site; instead, it appears to comprise multiple historical breaches across a number of websites/services.”
ACSC said it had issued direct notifications to the owners of Australian servers identified in Collection #1.
It said Collection #1 affected 773 million usernames and passwords.
It said organisations should check if they were affected by the breach on the Have I Been Pwned website; reset the passwords of affected uses; notify users of the breach; and enable multi-factor authentication.
The ACSC said individuals could also check if their credentials had been affected on the Have I Been Pwned website, which is run by Australian cyber security expert, Troy Hunt.
“Regardless if you have been impacted, the ACSC emphasises the importance of changing passwords regularly, in combination with implementing strong passwords,” the Security Centre said.
“The ACSC also advises users to implement multi-factor authentication on accounts where available,” it said.
The Have I Been Pwned website can be accessed at this PS News link.
