The Australian Cyber Security Centre (ACSC) has urged organisations and individuals across the Australian Public Service to check if their email addresses and/or passwords are included on recently released lists of stolen data.
Using the dumped details to remind users of the importance of protecting themselves and their information on the net, ACSC said the released collections contained billions of stolen addresses and passwords and had been sourced from the ‘dark web’.
ACSC said it was aware that the so-called Collection #1 dump of stolen credentials had been followed by the release of Collections #2, #3, #4 and #5.
“The lists include combinations of a large number of user credentials, including usernames and both hashed and plaintext passwords,” the Centre said.
“Unlike other data breaches, this breach cannot be tied down to one site. Instead, it appears to comprise multiple historical breaches across a number of websites/services.”
It said all five collections added up to a terabyte in size with 100 billion records in total.
The ACSC urged the managers of websites and users of emails to check if their organisation or their addresses had been caught in the breach by visiting the website HaveIBeenPwned.com.
Head of the ACSC, Alastair MacGibbon said there were simple steps that should be taken immediately if you find you’ve been compromised.
“Change your passwords, and don’t re-use passwords and email addresses across multiple sites,” Mr MacGibbon said.
ACSC has issued direct notifications to the owners of Australian servers identified in Collection #1, details of which can be accessed at this PS News link.
Then ‘HaveIBeenPwned’ website can be accessed at this PS News link.